Systems and methods for protecting email data

ABSTRACT

Aspects of this disclosure relate to protecting email data. For example, email protection rules can instruct an email server to route an email to an email protection module. The one or more email rules can identify a group of one or more email addresses. The email protection module can receive an email from the email server that has an email address of the group as an intended receipt. The email protection module can route the email to secondary storage and store the email in secondary storage to create a secondary copy of the email. The secondary copy can be stored inline to persistent memory of secondary storage, according to certain embodiments. Access to the backup copy of the email stored to the persistent memory can be controlled, for example, based on whether a user had permission to access to the email when the email was sent.

INCORPORATION BY REFERENCE TO ANY PRIORITY APPLICATIONS

Any and all applications for which a foreign or domestic priority claimis identified in the Application Data Sheet as filed with the presentapplication are hereby incorporated by reference under 37 CFR 1.57.

BACKGROUND

Businesses worldwide recognize the commercial value of their data andseek reliable, cost-effective ways to protect the information stored ontheir computer networks while minimizing impact on productivity.Protecting information is often part of a routine process that isperformed within an organization. A company might back up criticalcomputing systems such as databases, file servers, web servers, and soon as part of a daily, weekly, or monthly maintenance schedule. Thecompany may similarly protect computing systems used by each of itsemployees, such as those used by an accounting department, marketingdepartment, engineering department, legal department and so forth.

Given the rapidly expanding volume of data under management, companiesalso continue to seek innovative techniques for managing data growth, inaddition to protecting data. For instance, companies often implementmigration techniques for moving data to lower cost storage over time anddata reduction techniques for reducing redundant data, pruning lowerpriority data, etc. Enterprises also increasingly view their stored dataas a valuable asset. Along these lines, customers are looking forsolutions that not only protect and manage, but also leverage theirdata. For instance, solutions providing data analysis capabilities,improved data presentation and access features, and the like, are inincreasing demand.

Management and backup of electronic mail (email) can be an importantfunction in enterprise data systems. However, backing up email in anefficient manner that complies with legal, regulatory and/or othercompliance requirements can be challenging. Furthermore, some existingways of backing up email can require expensive licenses to implementcertain features of an email server, such as journaling for MicrosoftEXCHANGE® servers or IBM DOMINO® servers.

SUMMARY

Enterprise computing systems typically manage a large volume of emaildata on a continuing basis. Storing backup copies of emails can bedesirable for a variety of reasons including, for example, complyingwith legal, regulatory, compliance, or similar requirements. As usedherein, the term “backup copy” of an email can refer to anyrepresentation of an email that stored to persistent storage for thepurpose of creating a copy the email, such as to protect the email incase the original email is lost. The term “backup copy” as used hereinwith respect to email can encompass any type of secondary copy of anemail, including any type of protection copy located in persistentstorage of a secondary storage subsystem. As used herein, the term“second instance” of an email can refer to any representation of anemail that is stored to non-persistent memory, memory of a primarystorage subsystem, and/or routed to one or more computing devices forthe purpose of creating a backup copy of the email, such as to protectthe email in the case the original email is lost. The backup copy and/orthe second instance of the email can each encompass different formats ofthe same email message. Storing backup copies of emails can be part ofan enterprise's email retention and/or archive policies. Storing backupcopies of emails can also provide a user with access to emails that havebeen deleted from the inbox of the user's email client when the userlater desires to access the email.

It can be advantageous to backup emails in connection with an emailserver routing email traffic to computing devices associated with one ormore email recipients. This email backup can be performed inline incertain applications. As used herein, “inline” may refer to being partof a substantially continuous sequence of operations, as described infurther detail throughout the disclosure. The inline email backupdescribed herein can save one or more backup copies of an email at atime to secondary storage according to certain implementations.

The email protection techniques disclosed herein can be implemented incertain embodiments in connection with any suitable email serverapplication without purchasing expensive licenses for additionalfeatures related to backing up email, such as journaling for MicrosoftEXCHANGE® or IBM DOMINO®.

Email protection rules can be implemented to route email trafficassociated with a group of one or more email addresses from an emailserver to an email protection module that can cause a backup copy of theemail to be stored in secondary storage. As an example, an emailprotection rule can cause backup copies of some or all emails associatedwith a legal team of an enterprise to be saved to secondary storage. Inanother example, an email rule can cause backup of some or all emails ofcorporate officers in the secondary storage. Such routing and storage ofemails can be performed in addition to routing emails to their intendedrecipients. Such routing can be transparent to the email client of thesender and/or to the recipient(s) of the email. For example, firstinstances of the email are sent to each of the intended recipients, anda second instance of the email can be routed to the email protectionmodule. The first instances and the second instances are communicatedusing email protocol in certain embodiments. For example, the emailserver sends the second instance to an email address associated with theemail protection module using email protocol. In this manner, the emailserver sends the second instance of the email to the email protectionmodule in the same fashion that it sends the first instances to theother intended recipients. The email protection module then provides thesecond instance of the email to one or more media agents in a secondarystorage subsystem, e.g., without storing the second instance of theemail in persistent memory of the primary storage subsystem. The one ormore media agents can cause a backup copy of the email to be stored inpersistent storage of one or more secondary storage devices. As such,the backup copy of the email can be stored in persistent storagetransparent to an email server application that routes the secondinstance of the email to the email protection module.

The backup copy of the mail can also be content indexed in the secondarystorage subsystem. Because the backup process can be performed inline,the backup email data stored in the secondary storage subsystem can beaccessible substantially in real time, e.g., relatively soon after orotherwise near the time the email was sent to the intended recipient.The backup copy of the email can be retained in the secondary storagesubsystem independently of whether a sender and/or recipient of theemail maintains the email in her email client.

Backing up emails as they are routed by an enterprise email server cancreate a backup of electronic mailbox(es) of a group of one or moreusers in secondary storage. The backup emails can be accessible to usersbased on whether the users had access to the emails at the time theemails were sent. Policies for retaining the backup email can be managedby the enterprise. The content index can enable the backup email(s)associated with a selected user to be searchable and easy to find.

For purposes of summarizing the disclosure, certain aspects, advantagesand novel features of the inventions have been described herein. It isto be understood that not necessarily all such advantages may beachieved in accordance with any particular embodiment of the invention.Thus, the invention may be embodied or carried out in a manner thatachieves or optimizes one advantage or group of advantages as taughtherein without necessarily achieving other advantages as may be taughtor suggested herein.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1A is a block diagram illustrating an exemplary informationmanagement system.

FIG. 1B is a detailed view of a primary storage device, a secondarystorage device, and some examples of primary data and secondary copydata.

FIG. 1C is a block diagram of an exemplary information management systemincluding a storage manager, one or more data agents, and one or moremedia agents.

FIG. 1D is a block diagram illustrating a scalable informationmanagement system.

FIG. 1E illustrates certain secondary copy operations according to anexemplary storage policy.

FIGS. 1F-1H are block diagrams illustrating suitable data structuresthat may be employed by the information management system.

FIGS. 2A and 2B are block diagrams illustrating an example informationmanagement system configured to backup email data. FIG. 2A shows a dataflow associated with backing up an email sent from the informationmanagement system according to an illustrative embodiment. FIG. 2B showsa data flow associated with backing up an email received by theinformation management system according to an illustrative embodiment.

FIG. 3 is a flow chart of an example process of backing up emails inlinein secondary storage according to an illustrative embodiment.

FIG. 4 is a block diagram of an illustrative data structure storingexample email rules according to an illustrative embodiment.

DETAILED DESCRIPTION

Systems and methods are disclosed for protecting email in accordancewith email protection rules. For instance, some such systems and methodsincorporate an email protection module or processor configured toprovide inline backup of email data. Examples of these systems andmethods are described in further detail herein, for example, withrespect to FIGS. 2A to 4. The email protection functionality describedherein may be implemented by or within information management systemssuch as those that will be described with respect to FIGS. 1A to 2B. Assuch, the componentry for implementing the email backup functionalitycan be incorporated into such information management systems.

Information Management System Overview

With the increasing importance of protecting and leveraging data,organizations simply cannot afford to take the risk of losing criticaldata. Moreover, runaway data growth and other modern realities makeprotecting and managing data an increasingly difficult task. There istherefore a need for efficient, powerful, and user-friendly solutionsfor protecting and managing data.

Depending on the size of the organization, there are typically many dataproduction sources which are under the purview of tens, hundreds, oreven thousands of employees or other individuals. In the past,individual employees were sometimes responsible for managing andprotecting their data. A patchwork of hardware and software pointsolutions has been applied in other cases. These solutions were oftenprovided by different vendors and had limited or no interoperability.

Certain embodiments described herein provide systems and methods capableof addressing these and other shortcomings of prior approaches byimplementing unified, organization-wide information management. FIG. 1Ashows one such information management system 100, which generallyincludes combinations of hardware and software configured to protect andmanage data and metadata, which is generated and used by the variouscomputing devices in information management system 100. The organizationthat employs the information management system 100 may be a corporationor other business entity, non-profit organization, educationalinstitution, household, governmental agency, or the like.

Generally, the systems and associated components described herein may becompatible with and/or provide some or all of the functionality of thesystems and corresponding components described in one or more of thefollowing U.S. patents and patent application publications assigned toCommVault Systems, Inc., each of which is hereby incorporated in itsentirety by reference herein:

-   -   U.S. Pat. No. 8,285,681, entitled “Data Object Store and Server        for a Cloud Storage Environment, Including Data Deduplication        and Data Management Across Multiple Cloud Storage Sites”;    -   U.S. Pat. No. 8,307,177, entitled “Systems And Methods For        Management Of Virtualization Data”;    -   U.S. Pat. No. 7,035,880, entitled “Modular Backup and Retrieval        System Used in Conjunction With a Storage Area Network”;    -   U.S. Pat. No. 7,343,453, entitled “Hierarchical Systems and        Methods for Providing a Unified View of Storage Information”;    -   U.S. Pat. No. 7,395,282, entitled “Hierarchical Backup and        Retrieval System”;    -   U.S. Pat. No. 7,246,207, entitled “System and Method for        Dynamically Performing Storage Operations in a Computer        Network”;    -   U.S. Pat. No. 7,747,579, entitled “Metabase for Facilitating        Data Classification”;    -   U.S. Pat. No. 8,229,954, entitled “Managing Copies of Data”;    -   U.S. Pat. No. 7,617,262, entitled “System and Methods for        Monitoring Application Data in a Data Replication System”;    -   U.S. Pat. No. 7,529,782, entitled “System and Methods for        Performing a Snapshot and for Restoring Data”;    -   U.S. Pat. No. 8,230,195, entitled “System And Method For        Performing Auxiliary Storage Operations”;    -   U.S. Pat. No. 7,315,923, entitled “System And Method For        Combining Data Streams In Pipelined Storage Operations In A        Storage Network”;    -   U.S. Pat. No. 8,364,652, entitled “Content-Aligned, Block-Based        Deduplication”;    -   U.S. Pat. Pub. No. 2006/0224846, entitled “System and Method to        Support Single Instance Storage Operations”;    -   U.S. Pat. No. 8,578,120, entitled “Block-Level Single        Instancing”;    -   U.S. Pat. Pub. No. 2009/0319534, entitled “Application-Aware and        Remote Single Instance Data Management”;    -   U.S. Pat. Pub. No. 2012/0150826, entitled “Distributed        Deduplicated Storage System”;    -   U.S. Pat. Pub. No. 2012/0150818, entitled “Client-Side        Repository in a Networked Deduplicated Storage System”;    -   U.S. Pat. No. 8,170,995, entitled “Method and System for Offline        Indexing of Content and Classifying Stored Data”;    -   U.S. Pat. No. 7,107,298, entitled “System And Method For        Archiving Objects In An Information Store”;    -   U.S. Pat. No. 8,230,195, entitled “System And Method For        Performing Auxiliary Storage Operations”;    -   U.S. Pat. No. 8,229,954, entitled “Managing Copies Of Data”; and    -   U.S. Pat. No. 8,156,086, entitled “Systems And Methods For        Stored Data Verification”.

The information management system 100 can include a variety of differentcomputing devices. For instance, as will be described in greater detailherein, the information management system 100 can include one or moreclient computing devices 102 and secondary storage computing devices106.

Computing devices can include, without limitation, one or more:workstations, personal computers, desktop computers, or other types ofgenerally fixed computing systems such as mainframe computers andminicomputers. Other computing devices can include mobile or portablecomputing devices, such as one or more laptops, tablet computers,personal data assistants, mobile phones (such as smartphones), and othermobile or portable computing devices such as embedded computers, set topboxes, vehicle-mounted devices, wearable computers, etc. Computingdevices can include servers, such as mail servers, file servers,database servers, and web servers.

In some cases, a computing device includes virtualized and/or cloudcomputing resources. For instance, one or more virtual machines may beprovided to the organization by a third-party cloud service vendor. Or,in some embodiments, computing devices can include one or more virtualmachine(s) running on a physical host computing device (or “hostmachine”) operated by the organization. As one example, the organizationmay use one virtual machine as a database server and another virtualmachine as a mail server, both virtual machines operating on the samehost machine.

A virtual machine includes an operating system and associated virtualresources, and is hosted simultaneously with another operating system ona physical host computer (or host machine). A hypervisor (typicallysoftware, and also known in the art as a virtual machine monitor or avirtual machine manager or “VMM”) sits between the virtual machine andthe hardware of the physical host machine. One example of hypervisor asvirtualization software is ESX Server, by VMware, Inc. of Palo Alto,Calif.; other examples include Microsoft Virtual Server and MicrosoftWindows Server Hyper-V, both by Microsoft Corporation of Redmond, Wash.,and Sun xVM by Oracle America Inc. of Santa Clara, Calif. In someembodiments, the hypervisor may be firmware or hardware or a combinationof software and/or firmware and/or hardware.

The hypervisor provides to each virtual operating system virtualresources, such as a virtual processor, virtual memory, a virtualnetwork device, and a virtual disk. Each virtual machine has one or morevirtual disks. The hypervisor typically stores the data of virtual disksin files on the file system of the physical host machine, called virtualmachine disk files (in the case of VMware virtual servers) or virtualhard disk image files (in the case of Microsoft virtual servers). Forexample, VMware's ESX Server provides the Virtual Machine File System(VMFS) for the storage of virtual machine disk files. A virtual machinereads data from and writes data to its virtual disk much the same waythat an actual physical machine reads data from and writes data to anactual disk.

Examples of techniques for implementing information managementtechniques in a cloud computing environment are described in U.S. Pat.No. 8,285,681, which is incorporated by reference herein. Examples oftechniques for implementing information management techniques in avirtualized computing environment are described in U.S. Pat. No.8,307,177, also incorporated by reference herein.

The information management system 100 can also include a variety ofstorage devices, including primary storage devices 104 and secondarystorage devices 108, for example. Storage devices can generally be ofany suitable type including, without limitation, disk drives, hard-diskarrays, semiconductor memory (e.g., solid state storage devices),network attached storage (NAS) devices, tape libraries or othermagnetic, non-tape storage devices, optical media storage devices,DNA/RNA-based memory technology, combinations of the same, and the like.In some embodiments, storage devices can form part of a distributed filesystem. In some cases, storage devices are provided in a cloud (e.g., aprivate cloud or one operated by a third-party vendor). A storage devicein some cases comprises a disk array or portion thereof.

The illustrated information management system 100 includes one or moreclient computing device 102 having at least one application 110executing thereon, and one or more primary storage devices 104 storingprimary data 112. The client computing device(s) 102 and the primarystorage devices 104 may generally be referred to in some cases as aprimary storage subsystem 117. A computing device in an informationmanagement system 100 that has a data agent 142 installed and operatingon it is generally referred to as a client computing device 102 (or, inthe context of a component of the information management system 100simply as a “client”).

Depending on the context, the term “information management system” canrefer to generally all of the illustrated hardware and softwarecomponents. Or, in other instances, the term may refer to only a subsetof the illustrated components.

For instance, in some cases, the information management system 100generally refers to a combination of specialized components used toprotect, move, manage, manipulate, analyze, and/or process data andmetadata generated by the client computing devices 102. However, theinformation management system 100 in some cases does not include theunderlying components that generate and/or store the primary data 112,such as the client computing devices 102 themselves, the applications110 and operating system operating on the client computing devices 102,and the primary storage devices 104. As an example, “informationmanagement system” may sometimes refer to one or more of the followingcomponents and corresponding data structures: storage managers, dataagents, and media agents. These components will be described in furtherdetail below.

Client Computing Devices

There are typically a variety of sources in an organization that producedata to be protected and managed. As just one illustrative example, in acorporate environment such data sources can be employee workstations andcompany servers such as a mail server, a web server, a database server,a transaction server, or the like. In the information management system100, the data generation sources include the one or more clientcomputing devices 102.

The client computing devices 102 may include any of the types ofcomputing devices described above, without limitation, and in some casesthe client computing devices 102 are associated with one or more usersand/or corresponding user accounts, of employees or other individuals.

The information management system 100 generally addresses and handlesthe data management and protection needs for the data generated by theclient computing devices 102. However, the use of this term does notimply that the client computing devices 102 cannot be “servers” in otherrespects. For instance, a particular client computing device 102 may actas a server with respect to other devices, such as other clientcomputing devices 102. As just a few examples, the client computingdevices 102 can include mail servers, file servers, database servers,and web servers.

Each client computing device 102 may have one or more applications 110(e.g., software applications) executing thereon which generate andmanipulate the data that is to be protected from loss and managed. Theapplications 110 generally facilitate the operations of an organization(or multiple affiliated organizations), and can include, withoutlimitation, mail server applications (e.g., Microsoft Exchange Server),file server applications, mail client applications (e.g., MicrosoftExchange Client), database applications (e.g., SQL, Oracle, SAP, LotusNotes Database), word processing applications (e.g., Microsoft Word),spreadsheet applications, financial applications, presentationapplications, graphics and/or video applications, browser applications,mobile applications, entertainment applications, and so on.

The client computing devices 102 can have at least one operating system(e.g., Microsoft Windows, Mac OS X, iOS, IBM z/OS, Linux, otherUnix-based operating systems, etc.) installed thereon, which may supportor host one or more file systems and other applications 110.

The client computing devices 102 and other components in informationmanagement system 100 can be connected to one another via one or morecommunication pathways 114. For example, a first communication pathway114 may connect (or communicatively couple) client computing device 102and secondary storage computing device 106; a second communicationpathway 114 may connect storage manager 140 and client computing device102; and a third communication pathway 114 may connect storage manager140 and secondary storage computing device 106, etc. (see, e.g., FIG. 1Aand FIG. 10). The communication pathways 114 can include one or morenetworks or other connection types including one or more of thefollowing, without limitation: the Internet, a wide area network (WAN),a local area network (LAN), a Storage Area Network (SAN), a FibreChannel connection, a Small Computer System Interface (SCSI) connection,a virtual private network (VPN), a token ring or TCP/IP based network,an intranet network, a point-to-point link, a cellular network, awireless data transmission system, a two-way cable system, aninteractive kiosk network, a satellite network, a broadband network, abaseband network, a neural network, a mesh network, an ad hoc network,other appropriate wired, wireless, or partially wired/wireless computeror telecommunications networks, combinations of the same or the like.The communication pathways 114 in some cases may also includeapplication programming interfaces (APIs) including, e.g., cloud serviceprovider APIs, virtual machine management APIs, and hosted serviceprovider APIs. The underlying infrastructure of communication paths 114may be wired and/or wireless, analog and/or digital, or any combinationthereof; and the facilities used may be private, public, third-partyprovided, or any combination thereof, without limitation.

Primary Data and Exemplary Primary Storage Devices

Primary data 112 according to some embodiments is production data orother “live” data generated by the operating system and/or applications110 operating on a client computing device 102. The primary data 112 isgenerally stored on the primary storage device(s) 104 and is organizedvia a file system supported by the client computing device 102. Forinstance, the client computing device(s) 102 and correspondingapplications 110 may create, access, modify, write, delete, andotherwise use primary data 112. In some cases, some or all of theprimary data 112 can be stored in cloud storage resources (e.g., primarystorage device 104 may be a cloud-based resource).

Primary data 112 is generally in the native format of the sourceapplication 110. According to certain aspects, primary data 112 is aninitial or first (e.g., created before any other copies or before atleast one other copy) stored copy of data generated by the sourceapplication 110. Primary data 112 in some cases is created substantiallydirectly from data generated by the corresponding source applications110.

The primary storage devices 104 storing the primary data 112 may berelatively fast and/or expensive technology (e.g., a disk drive, ahard-disk array, solid state memory, etc.). In addition, primary data112 may be highly changeable and/or may be intended for relatively shortterm retention (e.g., hours, days, or weeks).

According to some embodiments, the client computing device 102 canaccess primary data 112 from the primary storage device 104 by makingconventional file system calls via the operating system. Primary data112 may include structured data (e.g., database files), unstructureddata (e.g., documents), and/or semi-structured data. Some specificexamples are described below with respect to FIG. 1B.

It can be useful in performing certain tasks to organize the primarydata 112 into units of different granularities. In general, primary data112 can include files, directories, file system volumes, data blocks,extents, or any other hierarchies or organizations of data objects. Asused herein, a “data object” can refer to both (1) any file that iscurrently addressable by a file system or that was previouslyaddressable by the file system (e.g., an archive file) and (2) a subsetof such a file (e.g., a data block).

As will be described in further detail, it can also be useful inperforming certain functions of the information management system 100 toaccess and modify metadata within the primary data 112. Metadatagenerally includes information about data objects or characteristicsassociated with the data objects. For simplicity herein, it is to beunderstood that, unless expressly stated otherwise, any reference toprimary data 112 generally also includes its associated metadata, butreferences to the metadata do not include the primary data.

Metadata can include, without limitation, one or more of the following:the data owner (e.g., the client or user that generates the data), thelast modified time (e.g., the time of the most recent modification ofthe data object), a data object name (e.g., a file name), a data objectsize (e.g., a number of bytes of data), information about the content(e.g., an indication as to the existence of a particular search term),user-supplied tags, to/from information for email (e.g., an emailsender, recipient, etc.), creation date, file type (e.g., format orapplication type), last accessed time, application type (e.g., type ofapplication that generated the data object), location/network (e.g., acurrent, past or future location of the data object and network pathwaysto/from the data object), geographic location (e.g., GPS coordinates),frequency of change (e.g., a period in which the data object ismodified), business unit (e.g., a group or department that generates,manages or is otherwise associated with the data object), aginginformation (e.g., a schedule, such as a time period, in which the dataobject is migrated to secondary or long term storage), boot sectors,partition layouts, file location within a file folder directorystructure, user permissions, owners, groups, access control lists[ACLs]), system metadata (e.g., registry information), combinations ofthe same or other similar information related to the data object.

In addition to metadata generated by or related to file systems andoperating systems, some of the applications 110 and/or other componentsof the information management system 100 maintain indices of metadatafor data objects, e.g., metadata associated with individual emailmessages. Thus, each data object may be associated with correspondingmetadata. The use of metadata to perform classification and otherfunctions is described in greater detail below.

Each of the client computing devices 102 are generally associated withand/or in communication with one or more of the primary storage devices104 storing corresponding primary data 112. A client computing device102 may be considered to be “associated with” or “in communication with”a primary storage device 104 if it is capable of one or more of: routingand/or storing data (e.g., primary data 112) to the particular primarystorage device 104, coordinating the routing and/or storing of data tothe particular primary storage device 104, retrieving data from theparticular primary storage device 104, coordinating the retrieval ofdata from the particular primary storage device 104, and modifyingand/or deleting data retrieved from the particular primary storagedevice 104.

The primary storage devices 104 can include any of the different typesof storage devices described above, or some other kind of suitablestorage device. The primary storage devices 104 may have relatively fastI/O times and/or are relatively expensive in comparison to the secondarystorage devices 108. For example, the information management system 100may generally regularly access data and metadata stored on primarystorage devices 104, whereas data and metadata stored on the secondarystorage devices 108 is accessed relatively less frequently.

Primary storage device 104 may be dedicated or shared. In some cases,each primary storage device 104 is dedicated to an associated clientcomputing device 102. For instance, a primary storage device 104 in oneembodiment is a local disk drive of a corresponding client computingdevice 102. In other cases, one or more primary storage devices 104 canbe shared by multiple client computing devices 102, e.g., via a networksuch as in a cloud storage implementation. As one example, a primarystorage device 104 can be a disk array shared by a group of clientcomputing devices 102, such as one of the following types of diskarrays: EMC Clariion, EMC Symmetrix, EMC Celerra, Dell EqualLogic, IBMXIV, NetApp FAS, HP EVA, and HP 3PAR.

The information management system 100 may also include hosted services(not shown), which may be hosted in some cases by an entity other thanthe organization that employs the other components of the informationmanagement system 100. For instance, the hosted services may be providedby various online service providers to the organization. Such serviceproviders can provide services including social networking services,hosted email services, or hosted productivity applications or otherhosted applications). Hosted services may include software-as-a-service(SaaS), platform-as-a-service (PaaS), application service providers(ASPs), cloud services, or other mechanisms for delivering functionalityvia a network. As it provides services to users, each hosted service maygenerate additional data and metadata under management of theinformation management system 100, e.g., as primary data 112. In somecases, the hosted services may be accessed using one of the applications110. As an example, a hosted mail service may be accessed via browserrunning on a client computing device 102. The hosted services may beimplemented in a variety of computing environments. In some cases, theyare implemented in an environment having a similar arrangement to theinformation management system 100, where various physical and logicalcomponents are distributed over a network.

Secondary Copies and Exemplary Secondary Storage Devices

The primary data 112 stored on the primary storage devices 104 may becompromised in some cases, such as when an employee deliberately oraccidentally deletes or overwrites primary data 112 during their normalcourse of work. Or the primary storage devices 104 can be damaged, lost,or otherwise corrupted. For recovery and/or regulatory compliancepurposes, it is therefore useful to generate copies of the primary data112. Accordingly, the information management system 100 includes one ormore secondary storage computing devices 106 and one or more secondarystorage devices 108 configured to create and store one or more secondarycopies 116 of the primary data 112 and associated metadata. Thesecondary storage computing devices 106 and the secondary storagedevices 108 may sometimes be referred to as a secondary storagesubsystem 118.

Creation of secondary copies 116 can help in search and analysis effortsand meet other information management goals, such as: restoring dataand/or metadata if an original version (e.g., of primary data 112) islost (e.g., by deletion, corruption, or disaster); allowingpoint-in-time recovery; complying with regulatory data retention andelectronic discovery (e-discovery) requirements; reducing utilizedstorage capacity; facilitating organization and search of data;improving user access to data files across multiple computing devicesand/or hosted services; and implementing data retention policies.

The client computing devices 102 access or receive primary data 112 andcommunicate the data, e.g., over one or more communication pathways 114,for storage in the secondary storage device(s) 108.

A secondary copy 116 can comprise a separate stored copy of applicationdata that is derived from one or more earlier-created, stored copies(e.g., derived from primary data 112 or another secondary copy 116).Secondary copies 116 can include point-in-time data, and may be intendedfor relatively long-term retention (e.g., weeks, months or years),before some or all of the data is moved to other storage or isdiscarded.

In some cases, a secondary copy 116 is a copy of application datacreated and stored subsequent to at least one other stored instance(e.g., subsequent to corresponding primary data 112 or to anothersecondary copy 116), in a different storage device than at least oneprevious stored copy, and/or remotely from at least one previous storedcopy. In some other cases, secondary copies can be stored in the samestorage device as primary data 112 and/or other previously storedcopies. For example, in one embodiment a disk array capable ofperforming hardware snapshots stores primary data 112 and creates andstores hardware snapshots of the primary data 112 as secondary copies116. Secondary copies 116 may be stored in relatively slow and/or lowcost storage (e.g., magnetic tape). A secondary copy 116 may be storedin a backup or archive format, or in some other format different thanthe native source application format or other primary data format.

In some cases, secondary copies 116 are indexed so users can browse andrestore at another point in time. After creation of a secondary copy 116representative of certain primary data 112, a pointer or other locationindicia (e.g., a stub) may be placed in primary data 112, or beotherwise associated with primary data 112 to indicate the currentlocation on the secondary storage device(s) 108 of secondary copy 116.

Since an instance of a data object or metadata in primary data 112 maychange over time as it is modified by an application 110 (or hostedservice or the operating system), the information management system 100may create and manage multiple secondary copies 116 of a particular dataobject or metadata, each representing the state of the data object inprimary data 112 at a particular point in time. Moreover, since aninstance of a data object in primary data 112 may eventually be deletedfrom the primary storage device 104 and the file system, the informationmanagement system 100 may continue to manage point-in-timerepresentations of that data object, even though the instance in primarydata 112 no longer exists.

For virtualized computing devices the operating system and otherapplications 110 of the client computing device(s) 102 may executewithin or under the management of virtualization software (e.g., a VMM),and the primary storage device(s) 104 may comprise a virtual diskcreated on a physical storage device. The information management system100 may create secondary copies 116 of the files or other data objectsin a virtual disk file and/or secondary copies 116 of the entire virtualdisk file itself (e.g., of an entire .vmdk file).

Secondary copies 116 may be distinguished from corresponding primarydata 112 in a variety of ways, some of which will now be described.First, as discussed, secondary copies 116 can be stored in a differentformat (e.g., backup, archive, or other non-native format) than primarydata 112. For this or other reasons, secondary copies 116 may not bedirectly useable by the applications 110 of the client computing device102, e.g., via standard system calls or otherwise without modification,processing, or other intervention by the information management system100.

Secondary copies 116 are also in some embodiments stored on a secondarystorage device 108 that is inaccessible to the applications 110 runningon the client computing devices 102 (and/or hosted services). Somesecondary copies 116 may be “offline copies,” in that they are notreadily available (e.g., not mounted to tape or disk). Offline copiescan include copies of data that the information management system 100can access without human intervention (e.g., tapes within an automatedtape library, but not yet mounted in a drive), and copies that theinformation management system 100 can access only with at least somehuman intervention (e.g., tapes located at an offsite storage site).

The Use of Intermediate Devices for Creating Secondary Copies

Creating secondary copies can be a challenging task. For instance, therecan be hundreds or thousands of client computing devices 102 continuallygenerating large volumes of primary data 112 to be protected. Also,there can be significant overhead involved in the creation of secondarycopies 116. Moreover, secondary storage devices 108 may be specialpurpose components, and interacting with them can require specializedintelligence.

In some cases, the client computing devices 102 interact directly withthe secondary storage device 108 to create the secondary copies 116.However, in view of the factors described above, this approach cannegatively impact the ability of the client computing devices 102 toserve the applications 110 and produce primary data 112. Further, theclient computing devices 102 may not be optimized for interaction withthe secondary storage devices 108.

Thus, in some embodiments, the information management system 100includes one or more software and/or hardware components which generallyact as intermediaries between the client computing devices 102 and thesecondary storage devices 108. In addition to off-loading certainresponsibilities from the client computing devices 102, theseintermediate components can provide other benefits. For instance, asdiscussed further below with respect to FIG. 1D, distributing some ofthe work involved in creating secondary copies 116 can enhancescalability.

The intermediate components can include one or more secondary storagecomputing devices 106 as shown in FIG. 1A and/or one or more mediaagents, which can be software modules operating on correspondingsecondary storage computing devices 106 (or other appropriate computingdevices). Media agents are discussed below (e.g., with respect to FIGS.1C-1E).

The secondary storage computing device(s) 106 can comprise any of thecomputing devices described above, without limitation. In some cases,the secondary storage computing device(s) 106 include specializedhardware and/or software componentry for interacting with the secondarystorage devices 108.

To create a secondary copy 116 involving the copying of data from theprimary storage subsystem 117 to the secondary storage subsystem 118,the client computing device 102 in some embodiments communicates theprimary data 112 to be copied (or a processed version thereof) to thedesignated secondary storage computing device 106, via the communicationpathway 114. The secondary storage computing device 106 in turn conveysthe received data (or a processed version thereof) to the secondarystorage device 108. In some such configurations, the communicationpathway 114 between the client computing device 102 and the secondarystorage computing device 106 comprises a portion of a LAN, WAN or SAN.In other cases, at least some client computing devices 102 communicatedirectly with the secondary storage devices 108 (e.g., via Fibre Channelor SCSI connections). In some other cases, one or more secondary copies116 are created from existing secondary copies, such as in the case ofan auxiliary copy operation, described in greater detail below.

Exemplary Primary Data and an Exemplary Secondary Copy

FIG. 1B is a detailed view showing some specific examples of primarydata stored on the primary storage device(s) 104 and secondary copy datastored on the secondary storage device(s) 108, with other components inthe system removed for the purposes of illustration. Stored on theprimary storage device(s) 104 are primary data objects including wordprocessing documents 119A-B, spreadsheets 120, presentation documents122, video files 124, image files 126, email mailboxes 128 (andcorresponding email messages 129A-C), html/xml or other types of markuplanguage files 130, databases 132 and corresponding tables or other datastructures 133A-133C).

Some or all primary data objects are associated with correspondingmetadata (e.g., “Meta1-11”), which may include file system metadataand/or application specific metadata. Stored on the secondary storagedevice(s) 108 are secondary copy data objects 134A-C which may includecopies of or otherwise represent corresponding primary data objects andmetadata.

As shown, the secondary copy data objects 134A-C can individuallyrepresent more than one primary data object. For example, secondary copydata object 134A represents three separate primary data objects 133C,122, and 129C (represented as 133C′, 122′, and 129C′, respectively, andaccompanied by the corresponding metadata Meta11, Meta3, and Meta8,respectively). Moreover, as indicated by the prime mark (′), a secondarycopy object may store a representation of a primary data object and/ormetadata differently than the original format, e.g., in a compressed,encrypted, deduplicated, or other modified format. Likewise, secondarydata object 134B represents primary data objects 120, 133B, and 119A as120′, 133B′, and 119A′, respectively and accompanied by correspondingmetadata Meta2, Meta10, and Meta1, respectively. Also, secondary dataobject 134C represents primary data objects 133A, 119B, and 129A as133A′, 119B′, and 129A′, respectively, accompanied by correspondingmetadata Meta9, Meta5, and Meta6, respectively.

Exemplary Information Management System Architecture

The information management system 100 can incorporate a variety ofdifferent hardware and software components, which can in turn beorganized with respect to one another in many different configurations,depending on the embodiment. There are critical design choices involvedin specifying the functional responsibilities of the components and therole of each component in the information management system 100. Forinstance, as will be discussed, such design choices can impactperformance as well as the adaptability of the information managementsystem 100 to data growth or other changing circumstances.

FIG. 10 shows an information management system 100 designed according tothese considerations and which includes: storage manager 140, acentralized storage and/or information manager that is configured toperform certain control functions, one or more data agents 142 executingon the client computing device(s) 102 configured to process primary data112, and one or more media agents 144 executing on the one or moresecondary storage computing devices 106 for performing tasks involvingthe secondary storage devices 108. While distributing functionalityamongst multiple computing devices can have certain advantages, in othercontexts it can be beneficial to consolidate functionality on the samecomputing device. As such, in various other embodiments, one or more ofthe components shown in FIG. 10 as being implemented on separatecomputing devices are implemented on the same computing device. In oneconfiguration, a storage manager 140, one or more data agents 142, andone or more media agents 144 are all implemented on the same computingdevice. In another embodiment, one or more data agents 142 and one ormore media agents 144 are implemented on the same computing device,while the storage manager 140 is implemented on a separate computingdevice, etc. without limitation.

Storage Manager

As noted, the number of components in the information management system100 and the amount of data under management can be quite large. Managingthe components and data is therefore a significant task, and a task thatcan grow in an often unpredictable fashion as the quantity of componentsand data scale to meet the needs of the organization. For these andother reasons, according to certain embodiments, responsibility forcontrolling the information management system 100, or at least asignificant portion of that responsibility, is allocated to the storagemanager 140. By distributing control functionality in this manner, thestorage manager 140 can be adapted independently according to changingcircumstances. Moreover, a computing device for hosting the storagemanager 140 can be selected to best suit the functions of the storagemanager 140. These and other advantages are described in further detailbelow with respect to FIG. 1D.

The storage manager 140 may be a software module or other application,which, in some embodiments operates in conjunction with one or moreassociated data structures, e.g., a dedicated database (e.g., managementdatabase 146). In some embodiments, storage manager 140 is a computingdevice comprising circuitry for executing computer instructions andperforms the functions described herein. The storage manager generallyinitiates, performs, coordinates and/or controls storage and otherinformation management operations performed by the informationmanagement system 100, e.g., to protect and control the primary data 112and secondary copies 116 of data and metadata. In general, storagemanager 100 may be said to manage information management system 100,which includes managing the constituent components, e.g., data agentsand media agents, etc.

As shown by the dashed arrowed lines 114 in FIG. 1C, the storage manager140 may communicate with and/or control some or all elements of theinformation management system 100, such as the data agents 142 and mediaagents 144. Thus, in certain embodiments, control information originatesfrom the storage manager 140 and status reporting is transmitted tostorage manager 140 by the various managed components, whereas payloaddata and payload metadata is generally communicated between the dataagents 142 and the media agents 144 (or otherwise between the clientcomputing device(s) 102 and the secondary storage computing device(s)106), e.g., at the direction of and under the management of the storagemanager 140. Control information can generally include parameters andinstructions for carrying out information management operations, suchas, without limitation, instructions to perform a task associated withan operation, timing information specifying when to initiate a taskassociated with an operation, data path information specifying whatcomponents to communicate with or access in carrying out an operation,and the like. Payload data, on the other hand, can include the actualdata involved in the storage operation, such as content data written toa secondary storage device 108 in a secondary copy operation. Payloadmetadata can include any of the types of metadata described herein, andmay be written to a storage device along with the payload content data(e.g., in the form of a header).

In other embodiments, some information management operations arecontrolled by other components in the information management system 100(e.g., the media agent(s) 144 or data agent(s) 142), instead of or incombination with the storage manager 140.

According to certain embodiments, the storage manager 140 provides oneor more of the following functions:

-   -   initiating execution of secondary copy operations;    -   managing secondary storage devices 108 and inventory/capacity of        the same;    -   reporting, searching, and/or classification of data in the        information management system 100;    -   allocating secondary storage devices 108 for secondary storage        operations;    -   monitoring completion of and providing status reporting related        to secondary storage operations;    -   tracking age information relating to secondary copies 116,        secondary storage devices 108, and comparing the age information        against retention guidelines;    -   tracking movement of data within the information management        system 100;    -   tracking logical associations between components in the        information management system 100;    -   protecting metadata associated with the information management        system 100; and    -   implementing operations management functionality.

The storage manager 140 may maintain a database 146 (or “storage managerdatabase 146” or “management database 146”) of management-related dataand information management policies 148. The database 146 may include amanagement index 150 (or “index 150”) or other data structure thatstores logical associations between components of the system, userpreferences and/or profiles (e.g., preferences regarding encryption,compression, or deduplication of primary or secondary copy data,preferences regarding the scheduling, type, or other aspects of primaryor secondary copy or other operations, mappings of particularinformation management users or user accounts to certain computingdevices or other components, etc.), management tasks, mediacontainerization, or other useful data. For example, the storage manager140 may use the index 150 to track logical associations between mediaagents 144 and secondary storage devices 108 and/or movement of datafrom primary storage devices 104 to secondary storage devices 108. Forinstance, the index 150 may store data associating a client computingdevice 102 with a particular media agent 144 and/or secondary storagedevice 108, as specified in an information management policy 148 (e.g.,a storage policy, which is defined in more detail below).

Administrators and other people may be able to configure and initiatecertain information management operations on an individual basis. Butwhile this may be acceptable for some recovery operations or otherrelatively less frequent tasks, it is often not workable forimplementing on-going organization-wide data protection and management.Thus, the information management system 100 may utilize informationmanagement policies 148 for specifying and executing informationmanagement operations (e.g., on an automated basis). Generally, aninformation management policy 148 can include a data structure or otherinformation source that specifies a set of parameters (e.g., criteriaand rules) associated with storage or other information managementoperations.

The storage manager database 146 may maintain the information managementpolicies 148 and associated data, although the information managementpolicies 148 can be stored in any appropriate location. For instance, aninformation management policy 148 such as a storage policy may be storedas metadata in a media agent database 152 or in a secondary storagedevice 108 (e.g., as an archive copy) for use in restore operations orother information management operations, depending on the embodiment.Information management policies 148 are described further below.

According to certain embodiments, the storage manager database 146comprises a relational database (e.g., an SQL database) for trackingmetadata, such as metadata associated with secondary copy operations(e.g., what client computing devices 102 and corresponding data wereprotected). This and other metadata may additionally be stored in otherlocations, such as at the secondary storage computing devices 106 or onthe secondary storage devices 108, allowing data recovery without theuse of the storage manager 140 in some cases.

As shown, the storage manager 140 may include a jobs agent 156, a userinterface 158, and a management agent 154, all of which may beimplemented as interconnected software modules or application programs.

The jobs agent 156 in some embodiments initiates, controls, and/ormonitors the status of some or all storage or other informationmanagement operations previously performed, currently being performed,or scheduled to be performed by the information management system 100.For instance, the jobs agent 156 may access information managementpolicies 148 to determine when and how to initiate and control secondarycopy and other information management operations, as will be discussedfurther.

The user interface 158 may include information processing and displaysoftware, such as a graphical user interface (“GUI”), an applicationprogram interface (“API”), or other interactive interface(s) throughwhich users and system processes can retrieve information about thestatus of information management operations (e.g., storage operations)or issue instructions to the information management system 100 and itsconstituent components. Via the user interface 158, users may optionallyissue instructions to the components in the information managementsystem 100 regarding performance of storage and recovery operations. Forexample, a user may modify a schedule concerning the number of pendingsecondary copy operations. As another example, a user may employ the GUIto view the status of pending storage operations or to monitor thestatus of certain components in the information management system 100(e.g., the amount of capacity left in a storage device).

An “information management cell” (or “storage operation cell” or “cell”)may generally include a logical and/or physical grouping of acombination of hardware and software components associated withperforming information management operations on electronic data,typically one storage manager 140 and at least one client computingdevice 102 (comprising data agent(s) 142) and at least one media agent144. For instance, the components shown in FIG. 10 may together form aninformation management cell. Multiple cells may be organizedhierarchically. With this configuration, cells may inherit propertiesfrom hierarchically superior cells or be controlled by other cells inthe hierarchy (automatically or otherwise). Alternatively, in someembodiments, cells may inherit or otherwise be associated withinformation management policies, preferences, information managementmetrics, or other properties or characteristics according to theirrelative position in a hierarchy of cells. Cells may also be delineatedand/or organized hierarchically according to function, geography,architectural considerations, or other factors useful or desirable inperforming information management operations. A first cell may representa geographic segment of an enterprise, such as a Chicago office, and asecond cell may represent a different geographic segment, such as a NewYork office. Other cells may represent departments within a particularoffice. Where delineated by function, a first cell may perform one ormore first types of information management operations (e.g., one or morefirst types of secondary or other copies), and a second cell may performone or more second types of information management operations (e.g., oneor more second types of secondary or other copies).

The storage manager 140 may also track information that permits it toselect, designate, or otherwise identify content indices, deduplicationdatabases, or similar databases or resources or data sets within itsinformation management cell (or another cell) to be searched in responseto certain queries. Such queries may be entered by the user viainteraction with the user interface 158. In general, the managementagent 154 allows multiple information management cells to communicatewith one another. For example, the information management system 100 insome cases may be one information management cell of a network ofmultiple cells adjacent to one another or otherwise logically related ina WAN or LAN. With this arrangement, the cells may be connected to oneanother through respective management agents 154.

For instance, the management agent 154 can provide the storage manager140 with the ability to communicate with other components within theinformation management system 100 (and/or other cells within a largerinformation management system) via network protocols and applicationprogramming interfaces (“APIs”) including, e.g., HTTP, HTTPS, FTP, REST,virtualization software APIs, cloud service provider APIs, and hostedservice provider APIs. Inter-cell communication and hierarchy isdescribed in greater detail in e.g., U.S. Pat. Nos. 7,747,579 and7,343,453, which are incorporated by reference herein.

Data Agents

As discussed, a variety of different types of applications 110 canoperate on a given client computing device 102, including operatingsystems, database applications, e-mail applications, and virtualmachines, just to name a few. And, as part of the process of creatingand restoring secondary copies 116, the client computing devices 102 maybe tasked with processing and preparing the primary data 112 from thesevarious different applications 110. Moreover, the nature of theprocessing/preparation can differ across clients and application types,e.g., due to inherent structural and formatting differences amongapplications 110.

The one or more data agent(s) 142 are therefore advantageouslyconfigured in some embodiments to assist in the performance ofinformation management operations based on the type of data that isbeing protected, at a client-specific and/or application-specific level.

The data agent 142 may be a software module or component that isgenerally responsible for managing, initiating, or otherwise assistingin the performance of information management operations in informationmanagement system 100, generally as directed by storage manager 140. Forinstance, the data agent 142 may take part in performing data storageoperations such as the copying, archiving, migrating, and/or replicatingof primary data 112 stored in the primary storage device(s) 104. Thedata agent 142 may receive control information from the storage manager140, such as commands to transfer copies of data objects, metadata, andother payload data to the media agents 144.

In some embodiments, a data agent 142 may be distributed between theclient computing device 102 and storage manager 140 (and any otherintermediate components) or may be deployed from a remote location orits functions approximated by a remote process that performs some or allof the functions of data agent 142. In addition, a data agent 142 mayperform some functions provided by a media agent 144, or may performother functions such as encryption and deduplication.

As indicated, each data agent 142 may be specialized for a particularapplication 110, and the system can employ multiple application-specificdata agents 142, each of which may perform information managementoperations (e.g., perform backup, migration, and data recovery)associated with a different application 110. For instance, differentindividual data agents 142 may be designed to handle Microsoft Exchangedata, Lotus Notes data, Microsoft Windows file system data, MicrosoftActive Directory Objects data, SQL Server data, SharePoint data, Oracledatabase data, SAP database data, virtual machines and/or associateddata, and other types of data.

A file system data agent, for example, may handle data files and/orother file system information. If a client computing device 102 has twoor more types of data, a specialized data agent 142 may be used for eachdata type to copy, archive, migrate, and restore the client computingdevice 102 data. For example, to backup, migrate, and/or restore all ofthe data on a Microsoft Exchange server, the client computing device 102may use a Microsoft Exchange Mailbox data agent 142 to backup theExchange mailboxes, a Microsoft Exchange Database data agent 142 tobackup the Exchange databases, a Microsoft Exchange Public Folder dataagent 142 to backup the Exchange Public Folders, and a Microsoft WindowsFile System data agent 142 to backup the file system of the clientcomputing device 102. In such embodiments, these specialized data agents142 may be treated as four separate data agents 142 even though theyoperate on the same client computing device 102.

Other embodiments may employ one or more generic data agents 142 thatcan handle and process data from two or more different applications 110,or that can handle and process multiple data types, instead of or inaddition to using specialized data agents 142. For example, one genericdata agent 142 may be used to back up, migrate and restore MicrosoftExchange Mailbox data and Microsoft Exchange Database data while anothergeneric data agent may handle Microsoft Exchange Public Folder data andMicrosoft Windows File System data.

Each data agent 142 may be configured to access data and/or metadatastored in the primary storage device(s) 104 associated with the dataagent 142 and process the data as appropriate. For example, during asecondary copy operation, the data agent 142 may arrange or assemble thedata and metadata into one or more files having a certain format (e.g.,a particular backup or archive format) before transferring the file(s)to a media agent 144 or other component. The file(s) may include a listof files or other metadata. Each data agent 142 can also assist inrestoring data or metadata to primary storage devices 104 from asecondary copy 116. For instance, the data agent 142 may operate inconjunction with the storage manager 140 and one or more of the mediaagents 144 to restore data from secondary storage device(s) 108.

Media Agents

As indicated above with respect to FIG. 1A, off-loading certainresponsibilities from the client computing devices 102 to intermediatecomponents such as the media agent(s) 144 can provide a number ofbenefits including improved client computing device 102 operation,faster secondary copy operation performance, and enhanced scalability.In one specific example which will be discussed below in further detail,the media agent 144 can act as a local cache of copied data and/ormetadata that it has stored to the secondary storage device(s) 108,providing improved restore capabilities.

Generally speaking, a media agent 144 may be implemented as a softwaremodule that manages, coordinates, and facilitates the transmission ofdata, as directed by the storage manager 140, between a client computingdevice 102 and one or more secondary storage devices 108. Whereas thestorage manager 140 controls the operation of the information managementsystem 100, the media agent 144 generally provides a portal to secondarystorage devices 108. For instance, other components in the systeminteract with the media agents 144 to gain access to data stored on thesecondary storage devices 108, whether it be for the purposes ofreading, writing, modifying, or deleting data. Moreover, as will bedescribed further, media agents 144 can generate and store informationrelating to characteristics of the stored data and/or metadata, or cangenerate and store other types of information that generally providesinsight into the contents of the secondary storage devices 108.

Media agents 144 can comprise separate nodes in the informationmanagement system 100 (e.g., nodes that are separate from the clientcomputing devices 102, storage manager 140, and/or secondary storagedevices 108). In general, a node within the information managementsystem 100 can be a logically and/or physically separate component, andin some cases is a component that is individually addressable orotherwise identifiable. In addition, each media agent 144 may operate ona dedicated secondary storage computing device 106 in some cases, whilein other embodiments a plurality of media agents 144 operate on the samesecondary storage computing device 106.

A media agent 144 (and corresponding media agent database 152) may beconsidered to be “associated with” a particular secondary storage device108 if that media agent 144 is capable of one or more of: routing and/orstoring data to the particular secondary storage device 108,coordinating the routing and/or storing of data to the particularsecondary storage device 108, retrieving data from the particularsecondary storage device 108, coordinating the retrieval of data from aparticular secondary storage device 108, and modifying and/or deletingdata retrieved from the particular secondary storage device 108.

While media agent(s) 144 are generally associated with one or moresecondary storage devices 108, one or more media agents 144 in certainembodiments are physically separate from the secondary storage devices108. For instance, the media agents 144 may operate on secondary storagecomputing devices 106 having different housings or packages than thesecondary storage devices 108. In one example, a media agent 144operates on a first server computer and is in communication with asecondary storage device(s) 108 operating in a separate, rack-mountedRAID-based system.

Where the information management system 100 includes multiple mediaagents 144 (see, e.g., FIG. 1D), a first media agent 144 may providefailover functionality for a second, failed media agent 144. Inaddition, media agents 144 can be dynamically selected for storageoperations to provide load balancing. Failover and load balancing aredescribed in greater detail below.

In operation, a media agent 144 associated with a particular secondarystorage device 108 may instruct the secondary storage device 108 toperform an information management operation. For instance, a media agent144 may instruct a tape library to use a robotic arm or other retrievalmeans to load or eject a certain storage media, and to subsequentlyarchive, migrate, or retrieve data to or from that media, e.g., for thepurpose of restoring the data to a client computing device 102. Asanother example, a secondary storage device 108 may include an array ofhard disk drives or solid state drives organized in a RAIDconfiguration, and the media agent 144 may forward a logical unit number(LUN) and other appropriate information to the array, which uses thereceived information to execute the desired storage operation. The mediaagent 144 may communicate with a secondary storage device 108 via asuitable communications link, such as a SCSI or Fiber Channel link.

As shown, each media agent 144 may maintain an associated media agentdatabase 152. The media agent database 152 may be stored in a disk orother storage device (not shown) that is local to the secondary storagecomputing device 106 on which the media agent 144 operates. In othercases, the media agent database 152 is stored remotely from thesecondary storage computing device 106.

The media agent database 152 can include, among other things, an index153 (see, e.g., FIG. 1C), which comprises information generated duringsecondary copy operations and other storage or information managementoperations. The index 153 provides a media agent 144 or other componentwith a fast and efficient mechanism for locating secondary copies 116 orother data stored in the secondary storage devices 108. In some cases,the index 153 does not form a part of and is instead separate from themedia agent database 152.

A media agent index 153 or other data structure associated with theparticular media agent 144 may include information about the storeddata. For instance, for each secondary copy 116, the index 153 mayinclude metadata such as a list of the data objects (e.g.,files/subdirectories, database objects, mailbox objects, etc.), a pathto the secondary copy 116 on the corresponding secondary storage device108, location information indicating where the data objects are storedin the secondary storage device 108, when the data objects were createdor modified, etc. Thus, the index 153 includes metadata associated withthe secondary copies 116 that is readily available for use withouthaving to be first retrieved from the secondary storage device 108. Inyet further embodiments, some or all of the information in index 153 mayinstead or additionally be stored along with the secondary copies ofdata in a secondary storage device 108. In some embodiments, thesecondary storage devices 108 can include sufficient information toperform a “bare metal restore”, where the operating system of a failedclient computing device 102 or other restore target is automaticallyrebuilt as part of a restore operation.

Because the index 153 maintained in the media agent database 152 mayoperate as a cache, it can also be referred to as “an index cache.” Insuch cases, information stored in the index cache 153 typicallycomprises data that reflects certain particulars about storageoperations that have occurred relatively recently. After some triggeringevent, such as after a certain period of time elapses, or the indexcache 153 reaches a particular size, the index cache 153 may be copiedor migrated to a secondary storage device(s) 108. This information mayneed to be retrieved and uploaded back into the index cache 153 orotherwise restored to a media agent 144 to facilitate retrieval of datafrom the secondary storage device(s) 108. In some embodiments, thecached information may include format or containerization informationrelated to archives or other files stored on the storage device(s) 108.In this manner, the index cache 153 allows for accelerated restores.

In some alternative embodiments the media agent 144 generally acts as acoordinator or facilitator of storage operations between clientcomputing devices 102 and corresponding secondary storage devices 108,but does not actually write the data to the secondary storage device108. For instance, the storage manager 140 (or the media agent 144) mayinstruct a client computing device 102 and secondary storage device 108to communicate with one another directly. In such a case the clientcomputing device 102 transmits the data directly or via one or moreintermediary components to the secondary storage device 108 according tothe received instructions, and vice versa. In some such cases, the mediaagent 144 may still receive, process, and/or maintain metadata relatedto the storage operations. Moreover, in these embodiments, the payloaddata can flow through the media agent 144 for the purposes of populatingthe index cache 153 maintained in the media agent database 152, but notfor writing to the secondary storage device 108.

The media agent 144 and/or other components such as the storage manager140 may in some cases incorporate additional functionality, such as dataclassification, content indexing, deduplication, encryption,compression, and the like. Further details regarding these and otherfunctions are described below.

Distributed, Scalable Architecture

As described, certain functions of the information management system 100can be distributed amongst various physical and/or logical components inthe system. For instance, one or more of the storage manager 140, dataagents 142, and media agents 144 may operate on computing devices thatare physically separate from one another. This architecture can providea number of benefits.

For instance, hardware and software design choices for each distributedcomponent can be targeted to suit its particular function. The secondarycomputing devices 106 on which the media agents 144 operate can betailored for interaction with associated secondary storage devices 108and provide fast index cache operation, among other specific tasks.Similarly, the client computing device(s) 102 can be selected toeffectively service the applications 110 thereon, in order toefficiently produce and store primary data 112.

Moreover, in some cases, one or more of the individual components in theinformation management system 100 can be distributed to multiple,separate computing devices. As one example, for large file systems wherethe amount of data stored in the management database 146 is relativelylarge, the database 146 may be migrated to or otherwise reside on aspecialized database server (e.g., an SQL server) separate from a serverthat implements the other functions of the storage manager 140. Thisdistributed configuration can provide added protection because thedatabase 146 can be protected with standard database utilities (e.g.,SQL log shipping or database replication) independent from otherfunctions of the storage manager 140. The database 146 can beefficiently replicated to a remote site for use in the event of adisaster or other data loss at the primary site. Or the database 146 canbe replicated to another computing device within the same site, such asto a higher performance machine in the event that a storage manager hostdevice can no longer service the needs of a growing informationmanagement system 100.

The distributed architecture also provides both scalability andefficient component utilization. FIG. 1D shows an embodiment of theinformation management system 100 including a plurality of clientcomputing devices 102 and associated data agents 142 as well as aplurality of secondary storage computing devices 106 and associatedmedia agents 144.

Additional components can be added or subtracted based on the evolvingneeds of the information management system 100. For instance, dependingon where bottlenecks are identified, administrators can add additionalclient computing devices 102, secondary storage computing devices 106(and corresponding media agents 144), and/or secondary storage devices108. Moreover, where multiple fungible components are available, loadbalancing can be implemented to dynamically address identifiedbottlenecks. As an example, the storage manager 140 may dynamicallyselect which media agents 144 and/or secondary storage devices 108 touse for storage operations based on a processing load analysis of themedia agents 144 and/or secondary storage devices 108, respectively.

Moreover, each client computing device 102 in some embodiments cancommunicate with, among other components, any of the media agents 144,e.g., as directed by the storage manager 140. And each media agent 144may be able to communicate with, among other components, any of thesecondary storage devices 108, e.g., as directed by the storage manager140. Thus, operations can be routed to the secondary storage devices 108in a dynamic and highly flexible manner, to provide load balancing,failover, and the like. Further examples of scalable systems capable ofdynamic storage operations, and of systems capable of performing loadbalancing and fail over are provided in U.S. Pat. No. 7,246,207, whichis incorporated by reference herein.

In alternative configurations, certain components are not distributedand may instead reside and execute on the same computing device. Forexample, in some embodiments, one or more data agents 142 and thestorage manager 140 operate on the same client computing device 102. Inanother embodiment, one or more data agents 142 and one or more mediaagents 144 operate on a single computing device.

Exemplary Types of Information Management Operations

In order to protect and leverage stored data, the information managementsystem 100 can be configured to perform a variety of informationmanagement operations. As will be described, these operations cangenerally include secondary copy and other data movement operations,processing and data manipulation operations, analysis, reporting, andmanagement operations. The operations described herein may be performedon any type of computing device, e.g., between two computers connectedvia a LAN, to a mobile client telecommunications device connected to aserver via a WLAN, to any manner of client computing device coupled to acloud storage target, etc., without limitation.

Data Movement Operations

Data movement operations according to certain embodiments are generallyoperations that involve the copying or migration of data (e.g., payloaddata) between different locations in the information management system100 in an original/native and/or one or more different formats. Forexample, data movement operations can include operations in which storeddata is copied, migrated, or otherwise transferred from one or morefirst storage devices to one or more second storage devices, such asfrom primary storage device(s) 104 to secondary storage device(s) 108,from secondary storage device(s) 108 to different secondary storagedevice(s) 108, from secondary storage devices 108 to primary storagedevices 104, or from primary storage device(s) 104 to different primarystorage device(s) 104.

Data movement operations can include by way of example, backupoperations, archive operations, information lifecycle managementoperations such as hierarchical storage management operations,replication operations (e.g., continuous data replication operations),snapshot operations, deduplication or single-instancing operations,auxiliary copy operations, and the like. As will be discussed, some ofthese operations involve the copying, migration or other movement ofdata, without actually creating multiple, distinct copies. Nonetheless,some or all of these operations are referred to as “copy” operations forsimplicity.

Backup Operations

A backup operation creates a copy of a version of data (e.g., one ormore files or other data units) in primary data 112 at a particularpoint in time. Each subsequent backup copy may be maintainedindependently of the first. Further, a backup copy in some embodimentsis generally stored in a form that is different than the native format,e.g., a backup format. This can be in contrast to the version in primarydata 112 from which the backup copy is derived, and which may instead bestored in a native format of the source application(s) 110. In variouscases, backup copies can be stored in a format in which the data iscompressed, encrypted, deduplicated, and/or otherwise modified from theoriginal application format. For example, a backup copy may be stored ina backup format that facilitates compression and/or efficient long-termstorage.

Backup copies can have relatively long retention periods as compared toprimary data 112, and may be stored on media with slower retrieval timesthan primary data 112 and certain other types of secondary copies 116.On the other hand, backups may have relatively shorter retention periodsthan some other types of secondary copies 116, such as archive copies(described below). Backups may sometimes be stored at on offsitelocation.

Backup operations can include full backups, differential backups,incremental backups, “synthetic full” backups, and/or creating a“reference copy.” A full backup (or “standard full backup”) in someembodiments is generally a complete image of the data to be protected.However, because full backup copies can consume a relatively largeamount of storage, it can be useful to use a full backup copy as abaseline and only store changes relative to the full backup copy forsubsequent backup copies.

For instance, a differential backup operation (or cumulative incrementalbackup operation) tracks and stores changes that have occurred since thelast full backup. Differential backups can grow quickly in size, but canprovide relatively efficient restore times because a restore can becompleted in some cases using only the full backup copy and the latestdifferential copy.

An incremental backup operation generally tracks and stores changessince the most recent backup copy of any type, which can greatly reducestorage utilization. In some cases, however, restore times can berelatively long in comparison to full or differential backups becausecompleting a restore operation may involve accessing a full backup inaddition to multiple incremental backups.

Synthetic full backups generally consolidate data without directlybacking up data from the client computing device. A synthetic fullbackup is created from the most recent full backup (i.e., standard orsynthetic) and subsequent incremental and/or differential backups. Theresulting synthetic full backup is identical to what would have beencreated had the last backup for the subclient been a standard fullbackup. Unlike standard full, incremental, and differential backups, asynthetic full backup does not actually transfer data from a clientcomputer to the backup media, because it operates as a backupconsolidator. A synthetic full backup extracts the index data of eachparticipating subclient. Using this index data and the previously backedup user data images, it builds new full backup images, one for eachsubclient. The new backup images consolidate the index and user datastored in the related incremental, differential, and previous fullbackups, in some embodiments creating an archive file at the subclientlevel.

Any of the above types of backup operations can be at the volume-level,file-level, or block-level. Volume level backup operations generallyinvolve the copying of a data volume (e.g., a logical disk or partition)as a whole. In a file-level backup, the information management system100 may generally track changes to individual files, and includes copiesof files in the backup copy. In the case of a block-level backup, filesare broken into constituent blocks, and changes are tracked at theblock-level. Upon restore, the information management system 100reassembles the blocks into files in a transparent fashion.

Far less data may actually be transferred and copied to the secondarystorage devices 108 during a file-level copy than a volume-level copy.Likewise, a block-level copy may involve the transfer of less data thana file-level copy, resulting in faster execution times. However,restoring a relatively higher-granularity copy can result in longerrestore times. For instance, when restoring a block-level copy, theprocess of locating constituent blocks can sometimes result in longerrestore times as compared to file-level backups. Similar to backupoperations, the other types of secondary copy operations describedherein can also be implemented at either the volume-level, file-level,or block-level.

For example, in some embodiments, a reference copy may comprisecopy(ies) of selected objects from backed up data, typically to helporganize data by keeping contextual information from multiple sourcestogether, and/or help retain specific data for a longer period of time,such as for legal hold needs. A reference copy generally maintains dataintegrity, and when the data is restored, it may be viewed in the sameformat as the source data. In some embodiments, a reference copy isbased on a specialized client, individual subclient and associatedinformation management policies (e.g., storage policy, retention policy,etc.) that are administered within information management system 100.

Archive Operations

Because backup operations generally involve maintaining a version of thecopied data in primary data 112 and also maintaining backup copies insecondary storage device(s) 108, they can consume significant storagecapacity. To help reduce storage consumption, an archive operationaccording to certain embodiments creates a secondary copy 116 by bothcopying and removing source data. Or, seen another way, archiveoperations can involve moving some or all of the source data to thearchive destination. Thus, data satisfying criteria for removal (e.g.,data of a threshold age or size) may be removed from source storage. Thesource data may be primary data 112 or a secondary copy 116, dependingon the situation. As with backup copies, archive copies can be stored ina format in which the data is compressed, encrypted, deduplicated,and/or otherwise modified from the format of the original application orsource copy. In addition, archive copies may be retained for relativelylong periods of time (e.g., years) and, in some cases, are neverdeleted. Archive copies are generally retained for longer periods oftime than backup copies, for example. In certain embodiments, archivecopies may be made and kept for extended periods in order to meetcompliance regulations.

Moreover, when primary data 112 is archived, in some cases thecorresponding primary data 112 or a portion thereof is deleted whencreating the archive copy. Thus, archiving can serve the purpose offreeing up space in the primary storage device(s) 104 and easing thedemand on computational resources on client computing device 102.Similarly, when a secondary copy 116 is archived, the secondary copy 116may be deleted, and an archive copy can therefore serve the purpose offreeing up space in secondary storage device(s) 108. In contrast, sourcecopies often remain intact when creating backup copies. Examples ofcompatible data archiving operations are provided in U.S. Pat. No.7,107,298, which is incorporated by reference herein.

Snapshot Operations

Snapshot operations can provide a relatively lightweight, efficientmechanism for protecting data. From an end-user viewpoint, a snapshotmay be thought of as an “instant” image of the primary data 112 at agiven point in time, and may include state and/or status informationrelative to an application that creates/manages the primary data. In oneembodiment, a snapshot may generally capture the directory structure ofan object in primary data 112 such as a file or volume or other data setat a particular moment in time and may also preserve file attributes andcontents. A snapshot in some cases is created relatively quickly, e.g.,substantially instantly, using a minimum amount of file space, but maystill function as a conventional file system backup.

A “hardware snapshot” (or “hardware-based snapshot”) operation can be asnapshot operation where a target storage device (e.g., a primarystorage device 104 or a secondary storage device 108) performs thesnapshot operation in a self-contained fashion, substantiallyindependently, using hardware, firmware and/or software operating on thestorage device itself. For instance, the storage device may be capableof performing snapshot operations upon request, generally withoutintervention or oversight from any of the other components in theinformation management system 100. In this manner, hardware snapshotscan off-load other components of information management system 100 fromprocessing involved in snapshot creation and management.

A “software snapshot” (or “software-based snapshot”) operation, on theother hand, can be a snapshot operation in which one or more othercomponents in information management system 100 (e.g., client computingdevices 102, data agents 142, etc.) implement a software layer thatmanages the snapshot operation via interaction with the target storagedevice. For instance, the component executing the snapshot managementsoftware layer may derive a set of pointers and/or data that representsthe snapshot. The snapshot management software layer may then transmitthe same to the target storage device, along with appropriateinstructions for writing the snapshot.

Some types of snapshots do not actually create another physical copy ofall the data as it existed at the particular point in time, but maysimply create pointers that are able to map files and directories tospecific memory locations (e.g., to specific disk blocks) where the dataresides, as it existed at the particular point in time. For example, asnapshot copy may include a set of pointers derived from the file systemor from an application. In some other cases, the snapshot may be createdat the block-level, such that creation of the snapshot occurs withoutawareness of the file system. Each pointer points to a respective storeddata block, so that collectively, the set of pointers reflect thestorage location and state of the data object (e.g., file(s) orvolume(s) or data set(s)) at a particular point in time when thesnapshot copy was created.

An initial snapshot may use only a small amount of disk space needed torecord a mapping or other data structure representing or otherwisetracking the blocks that correspond to the current state of the filesystem. Additional disk space is usually required only when files anddirectories are modified later on. Furthermore, when files are modified,typically only the pointers which map to blocks are copied, not theblocks themselves. In some embodiments, for example in the case of“copy-on-write” snapshots, when a block changes in primary storage, theblock is copied to secondary storage or cached in primary storage beforethe block is overwritten in primary storage, and the pointer to thatblock changed to reflect the new location of that block. The snapshotmapping of file system data may also be updated to reflect the changedblock(s) at that particular point in time. In some other cases, asnapshot includes a full physical copy of all or substantially all ofthe data represented by the snapshot. Further examples of snapshotoperations are provided in U.S. Pat. No. 7,529,782, which isincorporated by reference herein.

A snapshot copy in many cases can be made quickly and withoutsignificantly impacting primary computing resources because largeamounts of data need not be copied or moved. In some embodiments, asnapshot may exist as a virtual file system, parallel to the actual filesystem. Users in some cases gain read-only access to the record of filesand directories of the snapshot. By electing to restore primary data 112from a snapshot taken at a given point in time, users may also returnthe current file system to the state of the file system that existedwhen the snapshot was taken.

Replication Operations

Another type of secondary copy operation is a replication operation.Some types of secondary copies 116 are used to periodically captureimages of primary data 112 at particular points in time (e.g., backups,archives, and snapshots). However, it can also be useful for recoverypurposes to protect primary data 112 in a more continuous fashion, byreplicating the primary data 112 substantially as changes occur. In somecases a replication copy can be a mirror copy, for instance, wherechanges made to primary data 112 are mirrored or substantiallyimmediately copied to another location (e.g., to secondary storagedevice(s) 108). By copying each write operation to the replication copy,two storage systems are kept synchronized or substantially synchronizedso that they are virtually identical at approximately the same time.Where entire disk volumes are mirrored, however, mirroring can requiresignificant amount of storage space and utilizes a large amount ofprocessing resources.

According to some embodiments storage operations are performed onreplicated data that represents a recoverable state, or “known goodstate” of a particular application running on the source system. Forinstance, in certain embodiments, known good replication copies may beviewed as copies of primary data 112. This feature allows the system todirectly access, copy, restore, backup or otherwise manipulate thereplication copies as if the data were the “live” primary data 112. Thiscan reduce access time, storage utilization, and impact on sourceapplications 110, among other benefits. Based on known good stateinformation, the information management system 100 can replicatesections of application data that represent a recoverable state ratherthan rote copying of blocks of data. Examples of compatible replicationoperations (e.g., continuous data replication) are provided in U.S. Pat.No. 7,617,262, which is incorporated by reference herein.

Deduplication/Single-Instancing Operations

Another type of data movement operation is deduplication orsingle-instance storage, which is useful to reduce the amount ofnon-primary data. For instance, some or all of the above-describedsecondary storage operations can involve deduplication in some fashion.New data is read, broken down into portions (e.g., sub-file levelblocks, files, etc.) of a selected granularity, compared with blocksthat are already in secondary storage, and only the new blocks arestored. Blocks that already exist are represented as pointers to thealready stored data.

In order to streamline the comparison process, the informationmanagement system 100 may calculate and/or store signatures (e.g.,hashes or cryptographically unique IDs) corresponding to the individualdata blocks in a database and compare the signatures instead ofcomparing entire data blocks. In some cases, only a single instance ofeach element is stored, and deduplication operations may therefore bereferred to interchangeably as “single-instancing” operations. Dependingon the implementation, however, deduplication or single-instancingoperations can store more than one instance of certain data blocks, butnonetheless significantly reduce data redundancy. Depending on theembodiment, deduplication blocks can be of fixed or variable length.Using variable length blocks can provide enhanced deduplication byresponding to changes in the data stream, but can involve complexprocessing. In some cases, the information management system 100utilizes a technique for dynamically aligning deduplication blocks(e.g., fixed-length blocks) based on changing content in the datastream, as described in U.S. Pat. No. 8,364,652, which is incorporatedby reference herein.

The information management system 100 can perform deduplication in avariety of manners at a variety of locations in the informationmanagement system 100. For instance, in some embodiments, theinformation management system 100 implements “target-side” deduplicationby deduplicating data (e.g., secondary copies 116) stored in thesecondary storage devices 108. In some such cases, the media agents 144are generally configured to manage the deduplication process. Forinstance, one or more of the media agents 144 maintain a correspondingdeduplication database that stores deduplication information (e.g.,datablock signatures). Examples of such a configuration are provided inU.S. Pat. Pub. No. 2012/0150826, which is incorporated by referenceherein. Instead of or in combination with “target-side” deduplication,deduplication can also be performed on the “source-side” (or“client-side”), e.g., to reduce the amount of traffic between the mediaagents 144 and the client computing device(s) 102 and/or reduceredundant data stored in the primary storage devices 104. According tovarious implementations, one or more of the storage devices of thetarget-side and/or source-side of an operation can be cloud-basedstorage devices. Thus, the target-side and/or source-side deduplicationcan be cloud-based deduplication. In particular, as discussedpreviously, the storage manager 140 may communicate with othercomponents within the information management system 100 via networkprotocols and cloud service provider APIs to facilitate cloud-baseddeduplication/single instancing. Examples of such deduplicationtechniques are provided in U.S. Pat. Pub. No. 2012/0150818, which isincorporated by reference herein. Some other compatiblededuplication/single instancing techniques are described in U.S. Pat.Pub. Nos. 2006/0224846 and 2009/0319534, which are incorporated byreference herein.

Information Lifecycle Management and Hierarchical Storage ManagementOperations

In some embodiments, files and other data over their lifetime move frommore expensive, quick access storage to less expensive, slower accessstorage. Operations associated with moving data through various tiers ofstorage are sometimes referred to as information lifecycle management(ILM) operations.

One type of ILM operation is a hierarchical storage management (HSM)operation. A HSM operation is generally an operation for automaticallymoving data between classes of storage devices, such as betweenhigh-cost and low-cost storage devices. For instance, an HSM operationmay involve movement of data from primary storage devices 104 tosecondary storage devices 108, or between tiers of secondary storagedevices 108. With each tier, the storage devices may be progressivelyrelatively cheaper, have relatively slower access/restore times, etc.For example, movement of data between tiers may occur as data becomesless important over time.

In some embodiments, an HSM operation is similar to an archive operationin that creating an HSM copy may (though not always) involve deletingsome of the source data, e.g., according to one or more criteria relatedto the source data. For example, an HSM copy may include data fromprimary data 112 or a secondary copy 116 that is larger than a givensize threshold or older than a given age threshold and that is stored ina backup format.

Often, and unlike some types of archive copies, HSM data that is removedor aged from the source is replaced by a logical reference pointer orstub. The reference pointer or stub can be stored in the primary storagedevice 104 (or other source storage device, such as a secondary storagedevice 108) to replace the deleted source data and to point to orotherwise indicate the new location in a secondary storage device 108.

According to one example, files are generally moved between higher andlower cost storage depending on how often the files are accessed. When auser requests access to the HSM data that has been removed or migrated,the information management system 100 uses the stub to locate the dataand may make recovery of the data appear transparent, even though theHSM data may be stored at a location different from other source data.In this manner, the data appears to the user (e.g., in file systembrowsing windows and the like) as if it still resides in the sourcelocation (e.g., in a primary storage device 104). The stub may alsoinclude some metadata associated with the corresponding data, so that afile system and/or application can provide some information about thedata object and/or a limited-functionality version (e.g., a preview) ofthe data object.

An HSM copy may be stored in a format other than the native applicationformat (e.g., where the data is compressed, encrypted, deduplicated,and/or otherwise modified from the original native application format).In some cases, copies which involve the removal of data from sourcestorage and the maintenance of stub or other logical referenceinformation on source storage may be referred to generally as “on-linearchive copies”. On the other hand, copies which involve the removal ofdata from source storage without the maintenance of stub or otherlogical reference information on source storage may be referred to as“off-line archive copies”. Examples of HSM and ILM techniques areprovided in U.S. Pat. No. 7,343,453, which is incorporated by referenceherein.

Auxiliary Copy and Disaster Recovery Operations

An auxiliary copy is generally a copy operation in which a copy iscreated of an existing secondary copy 116. For instance, an initialsecondary copy 116 may be generated using or otherwise be derived fromprimary data 112 (or other data residing in the secondary storagesubsystem 118), whereas an auxiliary copy is generated from the initialsecondary copy 116. Auxiliary copies can be used to create additionalstandby copies of data and may reside on different secondary storagedevices 108 than the initial secondary copies 116. Thus, auxiliarycopies can be used for recovery purposes if initial secondary copies 116become unavailable. Exemplary compatible auxiliary copy techniques aredescribed in further detail in U.S. Pat. No. 8,230,195, which isincorporated by reference herein.

The information management system 100 may also perform disaster recoveryoperations that make or retain disaster recovery copies, often assecondary, high-availability disk copies. The information managementsystem 100 may create secondary disk copies and store the copies atdisaster recovery locations using auxiliary copy or replicationoperations, such as continuous data replication technologies. Dependingon the particular data protection goals, disaster recovery locations canbe remote from the client computing devices 102 and primary storagedevices 104, remote from some or all of the secondary storage devices108, or both.

Data Analysis, Reporting, and Management Operations

Data analysis, reporting, and management operations can be differentthan data movement operations in that they do not necessarily involvethe copying, migration or other transfer of data (e.g., primary data 112or secondary copies 116) between different locations in the system. Forinstance, data analysis operations may involve processing (e.g., offlineprocessing) or modification of already stored primary data 112 and/orsecondary copies 116. However, in some embodiments data analysisoperations are performed in conjunction with data movement operations.Some data analysis operations include content indexing operations andclassification operations which can be useful in leveraging the dataunder management to provide enhanced search and other features. Otherdata analysis operations such as compression and encryption can providedata reduction and security benefits, respectively.

Classification Operations/Content Indexing

In some embodiments, the information management system 100 analyzes andindexes characteristics, content, and metadata associated with theprimary data 112 and/or secondary copies 116. The content indexing canbe used to identify files or other data objects having pre-definedcontent (e.g., user-defined keywords or phrases, other keywords/phrasesthat are not defined by a user, etc.), and/or metadata (e.g., emailmetadata such as “to”, “from”, “cc”, “bcc”, attachment name, receivedtime, etc.).

The information management system 100 generally organizes and cataloguesthe results in a content index, which may be stored within the mediaagent database 152, for example. The content index can also include thestorage locations of (or pointer references to) the indexed data in theprimary data 112 or secondary copies 116, as appropriate. The resultsmay also be stored, in the form of a content index database orotherwise, elsewhere in the information management system 100 (e.g., inthe primary storage devices 104, or in the secondary storage device108). Such index data provides the storage manager 140 or anothercomponent with an efficient mechanism for locating primary data 112and/or secondary copies 116 of data objects that match particularcriteria.

For instance, search criteria can be specified by a user through userinterface 158 of the storage manager 140. In some cases, the informationmanagement system 100 analyzes data and/or metadata in secondary copies116 to create an “off-line” content index, without significantlyimpacting the performance of the client computing devices 102. Dependingon the embodiment, the system can also implement “on-line” contentindexing, e.g., of primary data 112. Examples of compatible contentindexing techniques are provided in U.S. Pat. No. 8,170,995, which isincorporated by reference herein.

One or more components can be configured to scan data and/or associatedmetadata for classification purposes to populate a database (or otherdata structure) of information, which can be referred to as a “dataclassification database” or a “metabase”. Depending on the embodiment,the data classification database(s) can be organized in a variety ofdifferent ways, including centralization, logical sub-divisions, and/orphysical sub-divisions. For instance, one or more centralized dataclassification databases may be associated with different subsystems ortiers within the information management system 100. As an example, theremay be a first centralized metabase associated with the primary storagesubsystem 117 and a second centralized metabase associated with thesecondary storage subsystem 118. In other cases, there may be one ormore metabases associated with individual components, e.g., clientcomputing devices 102 and/or media agents 144. In some embodiments, adata classification database (metabase) may reside as one or more datastructures within management database 146, or may be otherwiseassociated with storage manager 140.

In some cases, the metabase(s) may be included in separate database(s)and/or on separate storage device(s) from primary data 112 and/orsecondary copies 116, such that operations related to the metabase donot significantly impact performance on other components in theinformation management system 100. In other cases, the metabase(s) maybe stored along with primary data 112 and/or secondary copies 116. Filesor other data objects can be associated with identifiers (e.g., tagentries, etc.) in the media agent 144 (or other indices) to facilitatesearches of stored data objects. Among a number of other benefits, themetabase can also allow efficient, automatic identification of files orother data objects to associate with secondary copy or other informationmanagement operations (e.g., in lieu of scanning an entire file system).Examples of compatible metabases and data classification operations areprovided in U.S. Pat. Nos. 8,229,954 and 7,747,579, which areincorporated by reference herein.

Encryption Operations

The information management system 100 in some cases is configured toprocess data (e.g., files or other data objects, secondary copies 116,etc.), according to an appropriate encryption algorithm (e.g., Blowfish,Advanced Encryption Standard [AES], Triple Data Encryption Standard[3-DES], etc.) to limit access and provide data security in theinformation management system 100. The information management system 100in some cases encrypts the data at the client level, such that theclient computing devices 102 (e.g., the data agents 142) encrypt thedata prior to forwarding the data to other components, e.g., beforesending the data to media agents 144 during a secondary copy operation.In such cases, the client computing device 102 may maintain or haveaccess to an encryption key or passphrase for decrypting the data uponrestore. Encryption can also occur when creating copies of secondarycopies, e.g., when creating auxiliary copies or archive copies. In yetfurther embodiments, the secondary storage devices 108 can implementbuilt-in, high performance hardware encryption.

Management and Reporting Operations

Certain embodiments leverage the integrated, ubiquitous nature of theinformation management system 100 to provide useful system-widemanagement and reporting functions. Examples of some compatiblemanagement and reporting techniques are provided in U.S. Pat. No.7,343,453, which is incorporated by reference herein.

Operations management can generally include monitoring and managing thehealth and performance of information management system 100 by, withoutlimitation, performing error tracking, generating granularstorage/performance metrics (e.g., job success/failure information,deduplication efficiency, etc.), generating storage modeling and costinginformation, and the like. As an example, a storage manager 140 or othercomponent in the information management system 100 may analyze trafficpatterns and suggest and/or automatically route data via a particularroute to minimize congestion. In some embodiments, the system cangenerate predictions relating to storage operations or storage operationinformation. Such predictions, which may be based on a trendinganalysis, may predict various network operations or resource usage, suchas network traffic levels, storage media use, use of bandwidth ofcommunication links, use of media agent components, etc. Furtherexamples of traffic analysis, trend analysis, prediction generation, andthe like are described in U.S. Pat. No. 7,343,453, which is incorporatedby reference herein.

In some configurations, a master storage manager 140 may track thestatus of storage operation cells in a hierarchy, such as the status ofjobs, system components, system resources, and other items, bycommunicating with storage managers 140 (or other components) in therespective storage operation cells. Moreover, the master storage manager140 may track the status of its associated storage operation cells andinformation management operations by receiving periodic status updatesfrom the storage managers 140 (or other components) in the respectivecells regarding jobs, system components, system resources, and otheritems. In some embodiments, a master storage manager 140 may storestatus information and other information regarding its associatedstorage operation cells and other system information in its index 150(or other location).

The master storage manager 140 or other component may also determinewhether certain storage-related criteria or other criteria aresatisfied, and perform an action or trigger event (e.g., data migration)in response to the criteria being satisfied, such as where a storagethreshold is met for a particular volume, or where inadequate protectionexists for certain data. For instance, in some embodiments, data fromone or more storage operation cells is used to dynamically andautomatically mitigate recognized risks, and/or to advise users of risksor suggest actions to mitigate these risks. For example, an informationmanagement policy may specify certain requirements (e.g., that a storagedevice should maintain a certain amount of free space, that secondarycopies should occur at a particular interval, that data should be agedand migrated to other storage after a particular period, that data on asecondary volume should always have a certain level of availability andbe restorable within a given time period, that data on a secondaryvolume may be mirrored or otherwise migrated to a specified number ofother volumes, etc.). If a risk condition or other criterion istriggered, the system may notify the user of these conditions and maysuggest (or automatically implement) an action to mitigate or otherwiseaddress the risk. For example, the system may indicate that data from aprimary copy 112 should be migrated to a secondary storage device 108 tofree space on the primary storage device 104. Examples of the use ofrisk factors and other triggering criteria are described in U.S. Pat.No. 7,343,453, which is incorporated by reference herein.

In some embodiments, the system 100 may also determine whether a metricor other indication satisfies particular storage criteria and, if so,perform an action. For example, as previously described, a storagepolicy or other definition might indicate that a storage manager 140should initiate a particular action if a storage metric or otherindication drops below or otherwise fails to satisfy specified criteriasuch as a threshold of data protection. Examples of such metrics aredescribed in U.S. Pat. No. 7,343,453, which is incorporated by referenceherein.

In some embodiments, risk factors may be quantified into certainmeasurable service or risk levels for ease of comprehension. Forexample, certain applications and associated data may be considered tobe more important by an enterprise than other data and services.Financial compliance data, for example, may be of greater importancethan marketing materials, etc. Network administrators may assignpriority values or “weights” to certain data and/or applications,corresponding to the relative importance. The level of compliance ofstorage operations specified for these applications may also be assigneda certain value. Thus, the health, impact, and overall importance of aservice may be determined, such as by measuring the compliance value andcalculating the product of the priority value and the compliance valueto determine the “service level” and comparing it to certain operationalthresholds to determine whether it is acceptable. Further examples ofthe service level determination are provided in U.S. Pat. No. 7,343,453,which is incorporated by reference herein.

The system 100 may additionally calculate data costing and dataavailability associated with information management operation cellsaccording to an embodiment of the invention. For instance, data receivedfrom the cell may be used in conjunction with hardware-relatedinformation and other information about system elements to determine thecost of storage and/or the availability of particular data in thesystem. Exemplary information generated could include how fast aparticular department is using up available storage space, how long datawould take to recover over a particular system pathway from a particularsecondary storage device, costs over time, etc. Moreover, in someembodiments, such information may be used to determine or predict theoverall cost associated with the storage of certain information. Thecost associated with hosting a certain application may be based, atleast in part, on the type of media on which the data resides, forexample. Storage devices may be assigned to a particular costcategories, for example. Further examples of costing techniques aredescribed in U.S. Pat. No. 7,343,453, which is incorporated by referenceherein.

Any of the above types of information (e.g., information related totrending, predictions, job, cell or component status, risk, servicelevel, costing, etc.) can generally be provided to users via the userinterface 158 in a single, integrated view or console (not shown). Theconsole may support a reporting capability that allows for thegeneration of a variety of reports, which may be tailored to aparticular aspect of information management. Report types may include:scheduling, event management, media management and data aging. Availablereports may also include backup history, data aging history, auxiliarycopy history, job history, library and drive, media in library, restorehistory, and storage policy, etc., without limitation. Such reports maybe specified and created at a certain point in time as a systemanalysis, forecasting, or provisioning tool. Integrated reports may alsobe generated that illustrate storage and performance metrics, risks andstorage costing information. Moreover, users may create their ownreports based on specific needs.

The integrated user interface 158 can include an option to show a“virtual view” of the system that graphically depicts the variouscomponents in the system using appropriate icons. As one example, theuser interface 158 may provide a graphical depiction of one or moreprimary storage devices 104, the secondary storage devices 108, dataagents 142 and/or media agents 144, and their relationship to oneanother in the information management system 100. The operationsmanagement functionality can facilitate planning and decision-making.For example, in some embodiments, a user may view the status of some orall jobs as well as the status of each component of the informationmanagement system 100. Users may then plan and make decisions based onthis data. For instance, a user may view high-level informationregarding storage operations for the information management system 100,such as job status, component status, resource status (e.g.,communication pathways, etc.), and other information. The user may alsodrill down or use other means to obtain more detailed informationregarding a particular component, job, or the like. Further examples ofsome reporting techniques and associated interfaces providing anintegrated view of an information management system are provided in U.S.Pat. No. 7,343,453, which is incorporated by reference herein.

The information management system 100 can also be configured to performsystem-wide e-discovery operations in some embodiments. In general,e-discovery operations provide a unified collection and searchcapability for data in the system, such as data stored in the secondarystorage devices 108 (e.g., backups, archives, or other secondary copies116). For example, the information management system 100 may constructand maintain a virtual repository for data stored in the informationmanagement system 100 that is integrated across source applications 110,different storage device types, etc. According to some embodiments,e-discovery utilizes other techniques described herein, such as dataclassification and/or content indexing.

Information Management Policies

As indicated previously, an information management policy 148 caninclude a data structure or other information source that specifies aset of parameters (e.g., criteria and rules) associated with secondarycopy and/or other information management operations.

One type of information management policy 148 is a storage policy.According to certain embodiments, a storage policy generally comprises adata structure or other information source that defines (or includesinformation sufficient to determine) a set of preferences or othercriteria for performing information management operations. Storagepolicies can include one or more of the following items: (1) what datawill be associated with the storage policy; (2) a destination to whichthe data will be stored; (3) datapath information specifying how thedata will be communicated to the destination; (4) the type of storageoperation to be performed; and (5) retention information specifying howlong the data will be retained at the destination (see, e.g., FIG. 1E).

As an illustrative example, data associated with a storage policy can belogically organized into groups. In some cases, these logical groupingscan be referred to as “sub-clients”. A sub-client may represent staticor dynamic associations of portions of a data volume. Sub-clients mayrepresent mutually exclusive portions. Thus, in certain embodiments, aportion of data may be given a label and the association is stored as astatic entity in an index, database or other storage location.Sub-clients may also be used as an effective administrative scheme oforganizing data according to data type, department within theenterprise, storage preferences, or the like. Depending on theconfiguration, sub-clients can correspond to files, folders, virtualmachines, databases, etc. In one exemplary scenario, an administratormay find it preferable to separate e-mail data from financial data usingtwo different sub-clients.

A storage policy can define where data is stored by specifying a targetor destination storage device (or group of storage devices). Forinstance, where the secondary storage device 108 includes a group ofdisk libraries, the storage policy may specify a particular disk libraryfor storing the sub-clients associated with the policy. As anotherexample, where the secondary storage devices 108 include one or moretape libraries, the storage policy may specify a particular tape libraryfor storing the sub-clients associated with the storage policy, and mayalso specify a drive pool and a tape pool defining a group of tapedrives and a group of tapes, respectively, for use in storing thesub-client data. While information in the storage policy can bestatically assigned in some cases, some or all of the information in thestorage policy can also be dynamically determined based on criteria,which can be set forth in the storage policy. For instance, based onsuch criteria, a particular destination storage device(s) (or otherparameter of the storage policy) may be determined based oncharacteristics associated with the data involved in a particularstorage operation, device availability (e.g., availability of asecondary storage device 108 or a media agent 144), network status andconditions (e.g., identified bottlenecks), user credentials, and thelike).

Datapath information can also be included in the storage policy. Forinstance, the storage policy may specify network pathways and componentsto utilize when moving the data to the destination storage device(s). Insome embodiments, the storage policy specifies one or more media agents144 for conveying data associated with the storage policy between thesource (e.g., one or more host client computing devices 102) anddestination (e.g., a particular target secondary storage device 108).

A storage policy can also specify the type(s) of operations associatedwith the storage policy, such as a backup, archive, snapshot, auxiliarycopy, or the like. Retention information can specify how long the datawill be kept, depending on organizational needs (e.g., a number of days,months, years, etc.)

Another type of information management policy 148 is a schedulingpolicy, which specifies when and how often to perform operations.Scheduling parameters may specify with what frequency (e.g., hourly,weekly, daily, event-based, etc.) or under what triggering conditionssecondary copy or other information management operations will takeplace. Scheduling policies in some cases are associated with particularcomponents, such as particular logical groupings of data associated witha storage policy (e.g., a sub-client), client computing device 102, andthe like. In one configuration, a separate scheduling policy ismaintained for particular logical groupings of data on a clientcomputing device 102. The scheduling policy specifies that those logicalgroupings are to be moved to secondary storage devices 108 every houraccording to storage policies associated with the respectivesub-clients.

When adding a new client computing device 102, administrators canmanually configure information management policies 148 and/or othersettings, e.g., via the user interface 158. However, this can be aninvolved process resulting in delays, and it may be desirable to begindata protection operations quickly, without awaiting human intervention.Thus, in some embodiments, the information management system 100automatically applies a default configuration to client computing device102. As one example, when one or more data agent(s) 142 are installed onone or more client computing devices 102, the installation script mayregister the client computing device 102 with the storage manager 140,which in turn applies the default configuration to the new clientcomputing device 102. In this manner, data protection operations canbegin substantially immediately. The default configuration can include adefault storage policy, for example, and can specify any appropriateinformation sufficient to begin data protection operations. This caninclude a type of data protection operation, scheduling information, atarget secondary storage device 108, data path information (e.g., aparticular media agent 144), and the like.

Other types of information management policies 148 are possible,including one or more audit (or security) policies. An audit policy is aset of preferences, rules and/or criteria that protect sensitive data inthe information management system 100. For example, an audit policy maydefine “sensitive objects” as files or objects that contain particularkeywords (e.g., “confidential,” or “privileged”) and/or are associatedwith particular keywords (e.g., in metadata) or particular flags (e.g.,in metadata identifying a document or email as personal, confidential,etc.). An audit policy may further specify rules for handling sensitiveobjects. As an example, an audit policy may require that a reviewerapprove the transfer of any sensitive objects to a cloud storage site,and that if approval is denied for a particular sensitive object, thesensitive object should be transferred to a local primary storage device104 instead. To facilitate this approval, the audit policy may furtherspecify how a secondary storage computing device 106 or other systemcomponent should notify a reviewer that a sensitive object is slated fortransfer.

Another type of information management policy 148 is a provisioningpolicy. A provisioning policy can include a set of preferences,priorities, rules, and/or criteria that specify how client computingdevices 102 (or groups thereof) may utilize system resources, such asavailable storage on cloud storage and/or network bandwidth. Aprovisioning policy specifies, for example, data quotas for particularclient computing devices 102 (e.g., a number of gigabytes that can bestored monthly, quarterly or annually). The storage manager 140 or othercomponents may enforce the provisioning policy. For instance, the mediaagents 144 may enforce the policy when transferring data to secondarystorage devices 108. If a client computing device 102 exceeds a quota, abudget for the client computing device 102 (or associated department) isadjusted accordingly or an alert may trigger.

While the above types of information management policies 148 have beendescribed as separate policies, one or more of these can be generallycombined into a single information management policy 148. For instance,a storage policy may also include or otherwise be associated with one ormore scheduling, audit, or provisioning policies or operationalparameters thereof. Moreover, while storage policies are typicallyassociated with moving and storing data, other policies may beassociated with other types of information management operations. Thefollowing is a non-exhaustive list of items the information managementpolicies 148 may specify:

-   -   schedules or other timing information, e.g., specifying when        and/or how often to perform information management operations;    -   the type of copy 116 (e.g., type of secondary copy) and/or copy        format (e.g., snapshot, backup, archive, HSM, etc.);    -   a location or a class or quality of storage for storing        secondary copies 116 (e.g., one or more particular secondary        storage devices 108);    -   preferences regarding whether and how to encrypt, compress,        deduplicate, or otherwise modify or transform secondary copies        116;    -   which system components and/or network pathways (e.g., preferred        media agents 144) should be used to perform secondary storage        operations;    -   resource allocation among different computing devices or other        system components used in performing information management        operations (e.g., bandwidth allocation, available storage        capacity, etc.);    -   whether and how to synchronize or otherwise distribute files or        other data objects across multiple computing devices or hosted        services; and    -   retention information specifying the length of time primary data        112 and/or secondary copies 116 should be retained, e.g., in a        particular class or tier of storage devices, or within the        information management system 100.

Policies can additionally specify or depend on a variety of historicalor current criteria that may be used to determine which rules to applyto a particular data object, system component, or information managementoperation, such as:

-   -   frequency with which primary data 112 or a secondary copy 116 of        a data object or metadata has been or is predicted to be used,        accessed, or modified;    -   time-related factors (e.g., aging information such as time since        the creation or modification of a data object);    -   deduplication information (e.g., hashes, data blocks,        deduplication block size, deduplication efficiency or other        metrics);    -   an estimated or historic usage or cost associated with different        components (e.g., with secondary storage devices 108);    -   the identity of users, applications 110, client computing        devices 102 and/or other computing devices that created,        accessed, modified, or otherwise utilized primary data 112 or        secondary copies 116;    -   a relative sensitivity (e.g., confidentiality, importance) of a        data object, e.g., as determined by its content and/or metadata;    -   the current or historical storage capacity of various storage        devices;    -   the current or historical network capacity of network pathways        connecting various components within the storage operation cell;    -   access control lists or other security information; and    -   the content of a particular data object (e.g., its textual        content) or of metadata associated with the data object.        Exemplary Storage Policy and Secondary Storage Operations

FIG. 1E includes a data flow diagram depicting performance of storageoperations by an embodiment of an information management system 100,according to an exemplary storage policy 148A. The informationmanagement system 100 includes a storage manger 140, a client computingdevice 102 having a file system data agent 142A and an email data agent142B operating thereon, a primary storage device 104, two media agents144A, 144B, and two secondary storage devices 108A, 108B: a disk library108A and a tape library 108B. As shown, the primary storage device 104includes primary data 112A, which is associated with a logical groupingof data associated with a file system, and primary data 112B, which isassociated with a logical grouping of data associated with email.Although for simplicity the logical grouping of data associated with thefile system is referred to as a file system sub-client, and the logicalgrouping of data associated with the email is referred to as an emailsub-client, the techniques described with respect to FIG. 1E can beutilized in conjunction with data that is organized in a variety ofother manners.

As indicated by the dashed box, the second media agent 144B and the tapelibrary 108B are “off-site”, and may therefore be remotely located fromthe other components in the information management system 100 (e.g., ina different city, office building, etc.). Indeed, “off-site” may referto a magnetic tape located in storage, which must be manually retrievedand loaded into a tape drive to be read. In this manner, informationstored on the tape library 108B may provide protection in the event of adisaster or other failure.

The file system sub-client and its associated primary data 112A incertain embodiments generally comprise information generated by the filesystem and/or operating system of the client computing device 102, andcan include, for example, file system data (e.g., regular files, filetables, mount points, etc.), operating system data (e.g., registries,event logs, etc.), and the like. The e-mail sub-client, on the otherhand, and its associated primary data 112B, include data generated by ane-mail application operating on the client computing device 102, and caninclude mailbox information, folder information, emails, attachments,associated database information, and the like. As described above, thesub-clients can be logical containers, and the data included in thecorresponding primary data 112A, 112B may or may not be storedcontiguously.

The exemplary storage policy 148A includes backup copy preferences (orrule set) 160, disaster recovery copy preferences rule set 162, andcompliance copy preferences or rule set 164. The backup copy rule set160 specifies that it is associated with a file system sub-client 166and an email sub-client 168. Each of these sub-clients 166, 168 areassociated with the particular client computing device 102. The backupcopy rule set 160 further specifies that the backup operation will bewritten to the disk library 108A, and designates a particular mediaagent 144A to convey the data to the disk library 108A. Finally, thebackup copy rule set 160 specifies that backup copies created accordingto the rule set 160 are scheduled to be generated on an hourly basis andto be retained for 30 days. In some other embodiments, schedulinginformation is not included in the storage policy 148A, and is insteadspecified by a separate scheduling policy.

The disaster recovery copy rule set 162 is associated with the same twosub-clients 166, 168. However, the disaster recovery copy rule set 162is associated with the tape library 108B, unlike the backup copy ruleset 160. Moreover, the disaster recovery copy rule set 162 specifiesthat a different media agent, namely 144B, will be used to convey thedata to the tape library 108B. As indicated, disaster recovery copiescreated according to the rule set 162 will be retained for 60 days, andwill be generated on a daily basis. Disaster recovery copies generatedaccording to the disaster recovery copy rule set 162 can provideprotection in the event of a disaster or other catastrophic data lossthat would affect the backup copy 116A maintained on the disk library108A.

The compliance copy rule set 164 is only associated with the emailsub-client 168, and not the file system sub-client 166. Compliancecopies generated according to the compliance copy rule set 164 willtherefore not include primary data 112A from the file system sub-client166. For instance, the organization may be under an obligation to storeand maintain copies of email data for a particular period of time (e.g.,10 years) to comply with state or federal regulations, while similarregulations do not apply to the file system data. The compliance copyrule set 164 is associated with the same tape library 108B and mediaagent 144B as the disaster recovery copy rule set 162, although adifferent storage device or media agent could be used in otherembodiments. Finally, the compliance copy rule set 164 specifies thatcopies generated under the compliance copy rule set 164 will be retainedfor 10 years, and will be generated on a quarterly basis.

At step 1, the storage manager 140 initiates a backup operationaccording to the backup copy rule set 160. For instance, a schedulingservice running on the storage manager 140 accesses schedulinginformation from the backup copy rule set 160 or a separate schedulingpolicy associated with the client computing device 102, and initiates abackup copy operation on an hourly basis. Thus, at the scheduled timeslot the storage manager 140 sends instructions to the client computingdevice 102 (i.e., to both data agent 142A and data agent 142B) to beginthe backup operation.

At step 2, the file system data agent 142A and the email data agent 142Boperating on the client computing device 102 respond to the instructionsreceived from the storage manager 140 by accessing and processing theprimary data 112A, 112B involved in the copy operation, which can befound in primary storage device 104. Because the operation is a backupcopy operation, the data agent(s) 142A, 142B may format the data into abackup format or otherwise process the data.

At step 3, the client computing device 102 communicates the retrieved,processed data to the first media agent 144A, as directed by the storagemanager 140, according to the backup copy rule set 160. In some otherembodiments, the information management system 100 may implement aload-balancing, availability-based, or other appropriate algorithm toselect from the available set of media agents 144A, 144B. Regardless ofthe manner the media agent 144A is selected, the storage manager 140 mayfurther keep a record in the storage manager database 146 of theassociation between the selected media agent 144A and the clientcomputing device 102 and/or between the selected media agent 144A andthe backup copy 116A.

The target media agent 144A receives the data from the client computingdevice 102, and at step 4 conveys the data to the disk library 108A tocreate the backup copy 116A, again at the direction of the storagemanager 140 and according to the backup copy rule set 160. The secondarystorage device 108A can be selected in other ways. For instance, themedia agent 144A may have a dedicated association with a particularsecondary storage device(s), or the storage manager 140 or media agent144A may select from a plurality of secondary storage devices, e.g.,according to availability, using one of the techniques described in U.S.Pat. No. 7,246,207, which is incorporated by reference herein.

The media agent 144A can also update its index 153 to include dataand/or metadata related to the backup copy 116A, such as informationindicating where the backup copy 116A resides on the disk library 108A,data and metadata for cache retrieval, etc. The storage manager 140 maysimilarly update its index 150 to include information relating to thestorage operation, such as information relating to the type of storageoperation, a physical location associated with one or more copiescreated by the storage operation, the time the storage operation wasperformed, status information relating to the storage operation, thecomponents involved in the storage operation, and the like. In somecases, the storage manager 140 may update its index 150 to include someor all of the information stored in the index 153 of the media agent144A. After the 30 day retention period expires, the storage manager 140instructs the media agent 144A to delete the backup copy 116A from thedisk library 108A. Indexes 150 and/or 153 are updated accordingly.

At step 5, the storage manager 140 initiates the creation of a disasterrecovery copy 116B according to the disaster recovery copy rule set 162.

At step 6, illustratively based on the instructions received from thestorage manager 140 at step 5, the specified media agent 144B retrievesthe most recent backup copy 116A from the disk library 108A.

At step 7, again at the direction of the storage manager 140 and asspecified in the disaster recovery copy rule set 162, the media agent144B uses the retrieved data to create a disaster recovery copy 116B onthe tape library 108B. In some cases, the disaster recovery copy 116B isa direct, mirror copy of the backup copy 116A, and remains in the backupformat. In other embodiments, the disaster recovery copy 116B may begenerated in some other manner, such as by using the primary data 112A,112B from the primary storage device 104 as source data. The disasterrecovery copy operation is initiated once a day and the disasterrecovery copies 116B are deleted after 60 days; indexes are updatedaccordingly when/after each information management operation isexecuted/completed.

At step 8, the storage manager 140 initiates the creation of acompliance copy 116C, according to the compliance copy rule set 164. Forinstance, the storage manager 140 instructs the media agent 144B tocreate the compliance copy 116C on the tape library 108B at step 9, asspecified in the compliance copy rule set 164. In the example, thecompliance copy 116C is generated using the disaster recovery copy 116B.In other embodiments, the compliance copy 116C is instead generatedusing either the primary data 112B corresponding to the email sub-clientor using the backup copy 116A from the disk library 108A as source data.As specified, in the illustrated example, compliance copies 116C arecreated quarterly, and are deleted after ten years, and indexes are keptup-to-date accordingly.

While not shown in FIG. 1E, at some later point in time, a restoreoperation can be initiated involving one or more of the secondary copies116A, 116B, 116C. As one example, a user may manually initiate a restoreof the backup copy 116A by interacting with the user interface 158 ofthe storage manager 140. The storage manager 140 then accesses data inits index 150 (and/or the respective storage policy 148A) associatedwith the selected backup copy 116A to identify the appropriate mediaagent 144A and/or secondary storage device 108A.

In other cases, a media agent may be selected for use in the restoreoperation based on a load balancing algorithm, an availability basedalgorithm, or other criteria. The selected media agent 144A retrievesthe data from the disk library 108A. For instance, the media agent 144Amay access its index 153 to identify a location of the backup copy 116Aon the disk library 108A, or may access location information residing onthe disk 108A itself.

When the backup copy 116A was recently created or accessed, the mediaagent 144A accesses a cached version of the backup copy 116A residing inthe index 153, without having to access the disk library 108A for someor all of the data. Once it has retrieved the backup copy 116A, themedia agent 144A communicates the data to the source client computingdevice 102. Upon receipt, the file system data agent 142A and the emaildata agent 142B may unpackage (e.g., restore from a backup format to thenative application format) the data in the backup copy 116A and restorethe unpackaged data to the primary storage device 104.

Exemplary Applications of Storage Policies

The storage manager 140 may permit a user to specify aspects of thestorage policy 148A. For example, the storage policy can be modified toinclude information governance policies to define how data should bemanaged in order to comply with a certain regulation or businessobjective. The various policies may be stored, for example, in themanagement database 146. An information governance policy may comprise aclassification policy, which is described herein. An informationgovernance policy may align with one or more compliance tasks that areimposed by regulations or business requirements. Examples of informationgovernance policies might include a Sarbanes-Oxley policy, a HIPAApolicy, an electronic discovery (E-Discovery) policy, and so on.

Information governance policies allow administrators to obtain differentperspectives on all of an organization's online and offline data,without the need for a dedicated data silo created solely for eachdifferent viewpoint. As described previously, the data storage systemsherein build a centralized index that reflects the contents of adistributed data set that spans numerous clients and storage devices,including both primary and secondary copies, and online and offlinecopies. An organization may apply multiple information governancepolicies in a top-down manner over that unified data set and indexingschema in order to permit an organization to view and manipulate thesingle data set through different lenses, each of which is adapted to aparticular compliance or business goal. Thus, for example, by applyingan E-discovery policy and a Sarbanes-Oxley policy, two different groupsof users in an organization can conduct two very different analyses ofthe same underlying physical set of data copies, which may bedistributed throughout the organization and information managementsystem.

A classification policy defines a taxonomy of classification terms ortags relevant to a compliance task and/or business objective. Aclassification policy may also associate a defined tag with aclassification rule. A classification rule defines a particularcombination of criteria, such as users who have created, accessed ormodified a document or data object; file or application types; contentor metadata keywords; clients or storage locations; dates of datacreation and/or access; review status or other status within a workflow(e.g., reviewed or un-reviewed); modification times or types ofmodifications; and/or any other data attributes in any combination,without limitation. A classification rule may also be defined usingother classification tags in the taxonomy. The various criteria used todefine a classification rule may be combined in any suitable fashion,for example, via Boolean operators, to define a complex classificationrule. As an example, an E-discovery classification policy might define aclassification tag “privileged” that is associated with documents ordata objects that (1) were created or modified by legal departmentstaff, or (2) were sent to or received from outside counsel via email,or (3) contain one of the following keywords: “privileged” or “attorney”or “counsel”, or other like terms.

One specific type of classification tag, which may be added to an indexat the time of indexing, is an entity tag. An entity tag may be, forexample, any content that matches a defined data mask format. Examplesof entity tags might include, e.g., social security numbers (e.g., anynumerical content matching the formatting mask XXX-XX-XXXX), credit cardnumbers (e.g., content having a 13-16 digit string of numbers), SKUnumbers, product numbers, etc.

A user may define a classification policy by indicating criteria,parameters or descriptors of the policy via a graphical user interface,such as a form or page with fields to be filled in, pull-down menus orentries allowing one or more of several options to be selected, buttons,sliders, hypertext links or other known user interface tools forreceiving user input, etc. For example, a user may define certain entitytags, such as a particular product number or project ID code that isrelevant in the organization. In some implementations, theclassification policy can be implemented using cloud-based techniques.For example, the storage devices may be cloud storage devices, and thestorage manager 140 may execute cloud service provider API over anetwork to classify data stored on cloud storage devices.

Exemplary Secondary Copy Formatting

The formatting and structure of secondary copies 116 can vary, dependingon the embodiment. In some cases, secondary copies 116 are formatted asa series of logical data units or “chunks” (e.g., 512 MB, 1 GB, 2 GB, 4GB, or 8 GB chunks). This can facilitate efficient communication andwriting to secondary storage devices 108, e.g., according to resourceavailability. For example, a single secondary copy 116 may be written ona chunk-by-chunk basis to a single secondary storage device 108 oracross multiple secondary storage devices 108. In some cases, users canselect different chunk sizes, e.g., to improve throughput to tapestorage devices.

Generally, each chunk can include a header and a payload. The payloadcan include files (or other data units) or subsets thereof included inthe chunk, whereas the chunk header generally includes metadata relatingto the chunk, some or all of which may be derived from the payload. Forexample, during a secondary copy operation, the media agent 144, storagemanager 140, or other component may divide the associated files intochunks and generate headers for each chunk by processing the constituentfiles. The headers can include a variety of information such as fileidentifier(s), volume(s), offset(s), or other information associatedwith the payload data items, a chunk sequence number, etc. Importantly,in addition to being stored with the secondary copy 116 on the secondarystorage device 108, the chunk headers can also be stored to the index153 of the associated media agent(s) 144 and/or the index 150. This isuseful in some cases for providing faster processing of secondary copies116 during restores or other operations. In some cases, once a chunk issuccessfully transferred to a secondary storage device 108, thesecondary storage device 108 returns an indication of receipt, e.g., tothe media agent 144 and/or storage manager 140, which may update theirrespective indexes 153, 150 accordingly. During restore, chunks may beprocessed (e.g., by the media agent 144) according to the information inthe chunk header to reassemble the files.

Data can also be communicated within the information management system100 in data channels that connect the client computing devices 102 tothe secondary storage devices 108. These data channels can be referredto as “data streams”, and multiple data streams can be employed toparallelize an information management operation, improving data transferrate, among providing other advantages. Example data formattingtechniques including techniques involving data streaming, chunking, andthe use of other data structures in creating copies (e.g., secondarycopies) are described in U.S. Pat. Nos. 7,315,923 and 8,156,086, and8,578,120, each of which is incorporated by reference herein.

FIGS. 1F and 1G are diagrams of example data streams 170 and 171,respectively, which may be employed for performing data storageoperations. Referring to FIG. 1F, the data agent 142 forms the datastream 170 from the data associated with a client computing device 102(e.g., primary data 112). The data stream 170 is composed of multiplepairs of stream header 172 and stream data (or stream payload) 174. Thedata streams 170 and 171 shown in the illustrated example are for asingle-instanced storage operation, and a stream payload 174 thereforemay include both single-instance (“SI”) data and/or non-SI data. Astream header 172 includes metadata about the stream payload 174. Thismetadata may include, for example, a length of the stream payload 174,an indication of whether the stream payload 174 is encrypted, anindication of whether the stream payload 174 is compressed, an archivefile identifier (ID), an indication of whether the stream payload 174 issingle instanceable, and an indication of whether the stream payload 174is a start of a block of data.

Referring to FIG. 1G, the data stream 171 has the stream header 172 andstream payload 174 aligned into multiple data blocks. In this example,the data blocks are of size 64 KB. The first two stream header 172 andstream payload 174 pairs comprise a first data block of size 64 KB. Thefirst stream header 172 indicates that the length of the succeedingstream payload 174 is 63 KB and that it is the start of a data block.The next stream header 172 indicates that the succeeding stream payload174 has a length of 1 KB and that it is not the start of a new datablock. Immediately following stream payload 174 is a pair comprising anidentifier header 176 and identifier data 178. The identifier header 176includes an indication that the succeeding identifier data 178 includesthe identifier for the immediately previous data block. The identifierdata 178 includes the identifier that the data agent 142 generated forthe data block. The data stream 171 also includes other stream header172 and stream payload 174 pairs, which may be for SI data and/or fornon-SI data.

FIG. 1H is a diagram illustrating the data structures 180 that may beused to store blocks of SI data and non-SI data on the storage device(e.g., secondary storage device 108). According to certain embodiments,the data structures 180 do not form part of a native file system of thestorage device. The data structures 180 include one or more volumefolders 182, one or more chunk folders 184/185 within the volume folder182, and multiple files within the chunk folder 184. Each chunk folder184/185 includes a metadata file 186/187, a metadata index file 188/189,one or more container files 190/191/193, and a container index file192/194. The metadata file 186/187 stores non-SI data blocks as well aslinks to SI data blocks stored in container files. The metadata indexfile 188/189 stores an index to the data in the metadata file 186/187.The container files 190/191/193 store SI data blocks. The containerindex file 192/194 stores an index to the container files 190/191/193.Among other things, the container index file 192/194 stores anindication of whether a corresponding block in a container file190/191/193 is referred to by a link in a metadata file 186/187. Forexample, data block B2 in the container file 190 is referred to by alink in the metadata file 187 in the chunk folder 185. Accordingly, thecorresponding index entry in the container index file 192 indicates thatthe data block B2 in the container file 190 is referred to. As anotherexample, data block B1 in the container file 191 is referred to by alink in the metadata file 187, and so the corresponding index entry inthe container index file 192 indicates that this data block is referredto.

As an example, the data structures 180 illustrated in FIG. 1H may havebeen created as a result of two storage operations involving two clientcomputing devices 102. For example, a first storage operation on a firstclient computing device 102 could result in the creation of the firstchunk folder 184, and a second storage operation on a second clientcomputing device 102 could result in the creation of the second chunkfolder 185. The container files 190/191 in the first chunk folder 184would contain the blocks of SI data of the first client computing device102. If the two client computing devices 102 have substantially similardata, the second storage operation on the data of the second clientcomputing device 102 would result in the media agent 144 storingprimarily links to the data blocks of the first client computing device102 that are already stored in the container files 190/191. Accordingly,while a first storage operation may result in storing nearly all of thedata subject to the storage operation, subsequent storage operationsinvolving similar data may result in substantial data storage spacesavings, because links to already stored data blocks can be storedinstead of additional instances of data blocks.

If the operating system of the secondary storage computing device 106 onwhich the media agent 144 operates supports sparse files, then when themedia agent 144 creates container files 190/191/193, it can create themas sparse files. A sparse file is type of file that may include emptyspace (e.g., a sparse file may have real data within it, such as at thebeginning of the file and/or at the end of the file, but may also haveempty space in it that is not storing actual data, such as a contiguousrange of bytes all having a value of zero). Having the container files190/191/193 be sparse files allows the media agent 144 to free up spacein the container files 190/191/193 when blocks of data in the containerfiles 190/191/193 no longer need to be stored on the storage devices. Insome examples, the media agent 144 creates a new container file190/191/193 when a container file 190/191/193 either includes 100 blocksof data or when the size of the container file 190 exceeds 50 MB. Inother examples, the media agent 144 creates a new container file190/191/193 when a container file 190/191/193 satisfies other criteria(e.g., it contains from approximately 100 to approximately 1000 blocksor when its size exceeds approximately 50 MB to 1 GB).

In some cases, a file on which a storage operation is performed maycomprise a large number of data blocks. For example, a 100 MB file maycomprise 400 data blocks of size 256 KB. If such a file is to be stored,its data blocks may span more than one container file, or even more thanone chunk folder. As another example, a database file of 20 GB maycomprise over 40,000 data blocks of size 512 KB. If such a database fileis to be stored, its data blocks will likely span multiple containerfiles, multiple chunk folders, and potentially multiple volume folders.Restoring such files may require accessing multiple container files,chunk folders, and/or volume folders to obtain the requisite datablocks.

Example Inline Email Backup System Overview

FIGS. 2A and 2B are block diagrams illustrating an example informationmanagement system 200 that includes an email protection module 201 incommunication with an email server 202 and also in communication withone or more media agents 144 in a secondary storage subsystem. Theinformation management system 200 can backup emails associated with aparticular user or group of users in secondary storage in accordancewith email protection rules 203. Accordingly, emails can be backed up ina manner tailored to comply with one or more of compliance, regulatory,or legal requirements.

Emails can be backed up in connection with sending and/or receivingemail. An email server application 206 of the email server 202 canimplement the email protection rules 203 to route second instances ofemails to the email protection module 201 in connection with sending theemail. Alternatively or additionally, the email server application 206can implement the email protection rules 203 to route second instancesof emails to the email protection module 201 in connection withreceiving the email. FIG. 2A illustrates a data flow associated withbacking up email sent from an enterprise computing system according toemail protection rules 203 provided by a storage manager 140. FIG. 2Billustrates a data flow associated with backing up email received by anenterprise computing system according to email protection rules 203provided by the storage manager 140.

The example information management system 200 illustrated in FIGS. 2Aand 2B includes an email protection module 201 implemented on one ormore computing devices 207, an email server 202 that includes an emailserver application 206 and an email server data agent 208, one or moreworkstations 205 that each include an email client 204, one or more dataagents 142, and other applications 110, which may include softwareapplications installed on the workstations 205. The workstations may beclient computing devices, for example, such as any of the clientcomputing devices described herein (e.g., with respect to FIGS. 1A-1H).The email protection module 201 is separate from the email serverapplication 206 and/or the email server 202, as shown. As illustrated,the email protection module 201 is in communication with one or moremedia agents 144 in a secondary storage subsystem. A storage manager 140can provide email protection rules 203 to the email server 202 and oneor more computing devices 207 that include the email protection module201. The email protection module 201 and the email server application206 can be implemented on separate physical computing device(s) asillustrated.

The example system 200 illustrated in FIGS. 2A and 2B can compriseseveral elements described above (for example, primary storage devices104, client computing device(s) 102 [e.g., the workstation(s) 205],associated applications 110 and data agents 142, storage manager 140,media agent(s) 144, secondary storage device(s) 108, etc.). Some of theelements described above can implement additional functionalityassociated with backing up emails, as will be discussed in more detailbelow. The workstation(s) 205 and the email server 202 are in theprimary storage subsystem, and the media agent(s) 144 and the secondarystorage devices 108 are in the secondary storage subsystem in theillustrated information management system 200. The email protectionmodule 201 is illustrated as being in the primary storage subsystem inFIGS. 2A and 2B. In some other implementations (not illustrated), someor all of the email protection module 201 can be in the secondarystorage subsystem. Although not expressly shown in FIGS. 2A and 2B,inter-component connectivity can be implemented in accordance with anycombination of features of the architecture of information managementsystem 100 of FIGS. 1A-1H. In certain embodiments, the system 200 caninclude more or fewer components than illustrated.

All elements shown in FIGS. 2A and 2B can be implemented and executed byphysical computer hardware. For example, software applications, such asthe email client 204 and the email server application 206, and modules,such as the email protection module 201, can be stored on non-transitorycomputer readable storage and executed by one or more processors of oneor more computing devices.

Backup of Email Sent by the Information Management System

With reference to FIG. 2A, features of the system 200 and a data flowassociated with backing up an email sent from a workstation 205 androuted by an email server 202 in accordance with email protection rules203 will be described. The storage manager 140 of the informationmanagement system 200 can implement any combination of features of thestorage managers described herein. The storage manager 140 can alsostore email protection rules 203 in a storage management database 146,or in some other appropriate location. The email protection rules 203can identify a group of one or more email addresses for which to backupemails. The email protection rules 203 can additionally specify rulesfor routing second instances of email and/or rules associated withstoring backup copies of emails to secondary storage (e.g., for storagein the secondary storage devices 108).

The storage manager 140 can provide one or more email protection rules203 to the email server 202 (1 a). According to certain implementations,the storage manager 140 can send email protection rules 203 to the emailserver 202 periodically, in response to the email protection rules 203being saved and/or updated in the database 146, in response to a requestby the email server 202, in response to an trigger event such asactivation or rebooting of the email server 202, or any combinationthereof.

The email server 202 can be implemented by one or more computingdevices. The email server application 206 of the email server 202 canimplement the email protection rules 203. As an example, an emailprotection rule 203 can instruct the email server application 206 of theemail server 202 to route a second instance of each email that is sentfrom and/or received by a group of one or more email addresses to theemail protection module 201. For instance, an email rule included in theset of email protection rules 203 can specify to backup all emailsreceived by all corporate attorneys of an enterprise in the secondarystorage subsystem. As another example, an email rule included in the setof email protection rules 203 can instruct the email server application206 of the email server 202 to route a second instance of each emailthat is sent from and/or received by a particular database or domainname to the email protection module 201. More details regarding emailprotection rules 203 will be described later. The group of one or moreemail addresses can include individual email addresses and/or emailaddresses included in one or more email distribution groups.

As shown, the storage manager 140 can also provide one or more emailprotection rules 203 to the email protection module 201 (1 b). The emailprotection rules 203 can instruct the email protection module 201 tocause email backup data to be stored to secondary storage according tocertain backup storage rules. For example, the email protection rules203 can cause data associated with a particular email address or groupof email addresses to be provided to a particular media agent 144 and/orto particular secondary store device(s) 108. This can cause backupcopies of emails to be stored on device(s) with backup polices suitablefor retaining the backup copies of the emails. The email protectionrules 203 can be provided to the email protection module 201 while theemail protection rules 203 are being provided to the email server 202.Alternatively or additionally, the email protection rules 203 can beprovided to the email protection module 201 before and/or after beingprovided to the email server 202.

In some applications, different portions of email protection rules 203can be provided to the email server 202 and the email protection module201. For example, portions of the email protection rules 203 related torouting emails to be saved to secondary storage (e.g., lists ofrecipients for which backup copies of corresponding emails should becreated) can be provided to the email server 202 and portions of theemail protection rules 203 related to storing the backup copies ofemails (e.g., particular media agents 144 and/or secondary storagedevices 108 for use in backing up emails) can be provided to the emailback module 201.

After the storage manager 140 has provided the email protection rules203 to the email server 202 and the email protection module 201, thesystem 200 can route second instances of email traffic to the secondarystorage subsystem in accordance with the email protection rules 203. Thesecond instances of emails can be separate from the emails routed to therecipient(s) specified by the sender of the email.

A user can send an email from an email client 204, such as MicrosoftEXCHANGE®, on her workstation 205 as illustrated (2). Alternatively, theuser can send the email from an email client on her mobile device (notillustrated). The email sent by the user can be provided to the emailserver application 206 of the email server 202 for routing to emailaddress(es) of the intended recipient(s). The email addresses of therecipients can include each email address specified in a “TO” field, a“CC” field, a “BCC” field, or any combination thereof. The emailaddresses can include Simple Mail Transfer Protocol (SMTP) address insome implementations.

The email sent by the user can be routed to email addresses of therecipient(s) in accordance with typical email routing performed by theemail server 202 (3 a). Such routing can be independent of the emailprotection rules 203. The email server application 206 can compare anidentifier associated with the sender with one or more email protectionrules 203. Such a comparison can be performed concurrently while routingthe email to the addresses of the recipient(s), for example. Accordingto some embodiments, the email server application 206 can also compareone or more identifiers associated with the recipient(s) with one ormore email protection rules 203. This comparison can be performedconcurrently while routing the email to the addresses of therecipient(s), for example. The identifier(s) associated with the senderand/or recipient(s) can comprise any suitable information identifyingthe sender and/or recipient(s). When at least one email rule of the setof email protection rules 203 indicates to backup an email, a secondinstance of the email can be routed to the email protection module 201,as shown (3 b).

The email server application 206 can route the second instance of theemail to the email protection module 201 as if the email protectionmodule 201 were another email server or email recipient, in a mannerthat is transparent to the email server application 206. Thus, theserver application 206 can communicate with the email protection module201 as if email protection module 201 were an email server outside ofthe information management system 200 (and/or outside of theenterprise). The second instance of the email can be provided to theemail protection module 201 in email format. For instance, the emailapplication server 206 can send the second instance of the email to theemail protection module 201 using an appropriate email communicationprotocol and/or formatting, which can be the same email protocol and/orformatting used to send the email to the intended recipients external tothe system 200, for example. The second instance of the email caninclude the body of the email and information identifying the emailaddresses with access to the email (for example, the email addresses ofthe sender and the recipient(s)). The second instance of the email canalso include attachments to the email. Once the email protection module201 receives the second instance of the email, the second instance canbe saved to persistent memory as a backup copy at the direction of theemail protection module 201. Such backup can occur without directionfrom email clients 204 and/or users associated with the email clients204 and/or without direction from the email server application 206.Accordingly, emails can be backed up in a transparent fashion. Storingthe backup copy of the email to secondary storage can occurindependently of operations of the email server application 206 afterthe email server application 206 routes the second instance of the emailto the email protection module 201. When the backup copies of the emailsare stored to persistent memory of the secondary storage subsystem, anotification can be sent to the email protection module 201 withoutsending a notification to the email server application 206 and/or theemail clients 204 of the users with access to the email.

The second instance of the email can be routed to the email protectionmodule 201 inline with the standard copy that is sent to the intendedrecipients. Accordingly, the email protection module 201 can receive thesecond instance of the email around the time that the email client of anintended recipient receives the email. For example, the email serverapplication 206 may send the second instance of the email to the emailprotection module 201 (3 b) at or around the time that the email serverapplication 206 sends the email to the intended email recipients (3 a).In some instances, the email server application 206 may send the secondinstance of the email to the email protection module 201 (3 b) within nomore than some period of time before and/or after sending the email tothe intended recipients (3 a), such as within no more than about 0.5, 1,2, 5, 10, 20, 30, or 60 seconds before and/or after sending the email tothe intended recipients, depending on the embodiment. In some otherimplementations, the second instance of the email can be routed to theemail protection module 201 as part of a batch process rather thaninline with the standard copy that is sent to the intended recipients.

The email protection module 201 can receive the second instance of theemail from the email server application 206. Based on the emailprotection rules 203, the email protection module 201 can process and/orroute the second instance of the email. The email protection module 201can prepare the second instance of the email for loading into secondarystorage as a backup copy. For example, the email protection module 201can covert the second instance of the email from email format to backupformat. The email protection module 201 can perform other processing onthe second instance of the email received from the email serverapplication 206.

The email protection module 201 can route the second instance of theemail, e.g., in backup format, to one or more media agents 144 (4). Theemail protection rules 203 can instruct the email protection module 201to provide the second instance of the email to particular media agent(s)144 and/or particular secondary storage device(s) 108, for example. Thesecond instance of the email can be provided to the media agent(s) 144without saving the second instance of the email to persistent storage ofthe primary storage subsystem. In certain embodiments, the emailprotection module 201 can provide the second instance of the email tothe media agent(s) 144 inline. For instance, the email protection module201 may send the second instance of the email to the media agent 144 (4)at or around the time that the email protection module 201 receives andprocesses the second instance of the email received from the emailserver application 206. In some instances, the email protection module201 may send the second instance of the email to the media agent 144 (4)within no more than some period of time before and/or after receivingthe second instance of the email from the email server application 206,such as within no more than about 0.5, 1, 2, 5, 10, 20, 30, or 60seconds before and/or after receipt, depending on the embodiment. Emaildata can also be provided to the media agent(s) 144 periodically, inresponse to a trigger event, at different levels of granularity, when acertain amount of email data is ready to send to the media agent(s) 144,the like, or any combination thereof.

The media agent(s) 144 can provide the backup email data to one or moresecondary storage devices 108 (5). The media agent(s) 144 can store thebackup email data to the secondary storage device(s) as a backup copy inaccordance with the principles and advantages discussed with referenceto one or more of FIGS. 1A to 1H. A content indexing module 209 of themedia agent(s) 144 can content index the backup email data according tosome implementations. The content indexing data can be provided to oneor more secondary storage devices 108 for storage (6). The contentindexing can be performed in accordance with the principles andadvantages discussed with reference to one or more of FIGS. 1A to 1H.The content indexing can be performed inline. For instance, the mediaagent 144 or other appropriate entity may perform the content indexingat or around the time that the media agent 144 receives the secondinstance of the email from the email protection module 201, In someinstances, the email server application 206 may perform the contentindexing within no more than some period of time before and/or afterreceiving the second instance of the email, such as within no more thanabout 0.5, 1, 2, 5, 10, 20, 30, or 60 seconds before and/or afterreceipt. Accordingly, the email backup data can be stored in thesecondary storage device(s) 108 and be searchable based on the contentindex inline. In certain implementations, storing backup copies of emailin persistent memory (e.g., the secondary storage device[s] 108) of thesecondary storage subsystem can be completed prior to a recipient'semail client receiving the email. In some other implementations, storingbackup copies of email in persistent memory of the secondary storagesubsystem (e.g., the secondary storage device[s] 108) can be completedaround the same time that a recipient's email client receives the email.

Accordingly, the backup email data stored in the one or more secondarystorage devices 108 can store backup copies of electronic user mailboxes(or selected emails and/or other portions thereof) based on emailprotection rules 203. The backup email data stored in the one or moresecondary storage devices 108 can also include information identifyingthe group of users having access to the email when the email was routedby the email server 202. The email backup data can be searchable andemails can easily be accessed for legal, regulatory, compliance, orsimilar purposes. The backup email data can be stored in the secondarystorage subsystem based on the email protection rules 203 that were ineffect when an email was sent and/or received. The system 200 cancontrol access to the email backup data based on whether a user hadaccess to the email when the email was sent. Emails can be consideredaccessible to a user if the emails were sent and/or received by one ormore email addresses associated with the user. Alternatively oradditionally, emails can be considered accessible to a user if the userhad an appropriate permission level or credentials, e.g., at the timethe email was originally delivered and/or backed up, at the time theuser is trying to later access the email. More detail regardingsearching for and accessing backup copies of emails stored in secondarystorage will be provided later.

Backup of Email Received by the Information Management System

Referring now to FIG. 2B, features of the system 200 will now bedescribed with respect to an a data flow depicting an example scenarioin which an email coming from an external source is received andprocessed by the system 200. This is in contrast to FIG. 2A, whichillustrated a case in which an email was sent from the system 200 to anexternal source. In particular, FIG. 2B provides a data flow associatedwith backing up an email received by the system 200 in accordance withemail protection rules 203.

The storage manager 140 can provide email protection rules 203 or otherpolicies to the email server 202 and/or the email protection module 201(1 a), for example, in accordance with any of the principles andadvantages discussed with reference to FIG. 2A. Then the email serverapplication 206 of the email server 202 can receive (2) an incomingemail. The email can be received from a sender located outside of theinformation management system 200 (and/or outside the enterprise) incertain instances.

The email received by the email server 202 can be routed to emailaddresses of the recipient(s) in accordance with typical email routingperformed by the email server 202. For instance, in the illustratedembodiment, the email server application 206 processes the email,identifies a user associated with an email client 204 running on theworkstation 205 as being an intended recipient, and thus sends (3 a) acopy of the email to the email client 204. Such routing can beindependent of the email protection rules 203. The email serverapplication 206 can compare one or more identifiers associated with therecipient(s) with one or more email protection rules 203. Thiscomparison can be performed concurrently while routing the email to theemail addresses of the recipient(s), for example. When at least oneemail rule of the email protection rules 203 indicates to back up theemail, the email server application 206 can send (3 b) a second instanceof the email to the email protection module 201. Accordingly, the emailserver application 206 can provide second instances of emails sent fromoutside of the enterprise to enterprise users to the email protectionmodule 201. The second instance of the email can be routed to the emailprotection module 201 inline. For example, the email server application206 may send the second instance of the email to the email protectionmodule 201 (3 b) at or around the time that the email server application206 sends the email to the email client 204 (3 a). In some instances,the email server application 206 may send the second instance of theemail to the email protection module 201 (3 b) within no more than someperiod of time before and/or after sending the email to the email client204 (3 a), such as within no more than about 0.5, 1, 2, 5, 10, 20, 30,or 60 seconds before and/or after sending. The second instance of theemail can be provided to the email protection module 201 in emailformat. For instance, the email application server 206 can send thesecond instance of the email to the email protection module 201 using anappropriate email communication protocol and/or formatting, which can bethe same email protocol and/or formatting used to send the email to theemail client 204, for example.

Once the email protection module 201 receives the second instance of theemail, the second instance of the email can be processed. For example,the email protection module 201 can transmit (4) the second instance ofthe email to the media agent 144. The media agent 144 can in turnprocess (e.g., content index) the email and store (5) the email in theone or more secondary storage devices 108 as a backup copy. In someimplementations, the media agent 144 can provide the content indexinginformation (6) to the one or more secondary storage devices 108. Thesesteps can be performed as discussed above with reference to FIG. 2A, forexample.

Example Methods of Inline Email Backup

An example method of backing up an email can include instructing anemail server to route emails processed by the email server to an emailprotection module and to route the emails to intended recipients of theemails based at least partly on one or more email protection rules. Theone or more email protection rules can identify a group of one or moreemail addresses and specify that the email server is only to routeemails to the email protection module for which at least one of theintended recipients corresponds to one of the one or more emailaddresses in the group. The method can include the email protectionmodule receiving an email from the email server, in which at least oneintended recipient of the email corresponds to one of the one or moreemail addresses of the group. The method can include routing the emailto secondary storage. The method can further include storing the emailin secondary storage to create a secondary copy of the email. Accordingto certain embodiments, the method can create the secondary copy of theemail inline.

FIG. 3 illustrates a flow chart of an example process 300 to backupemail data inline in secondary storage. While features of the process300 may be described with reference to the system 200 for illustrativepurposes, one or more features of the process 300 can be implemented ina variety of other computing systems. The email server 202 is instructedto implement one or more email protection rules 203 at block 302. Thestorage manager 140 can provide the email protection rules 203 to theemail server application 206 to configure the email server application206 to implement the email protection rules 203. At or around the timethe email server 202 is instructed to implement email protection rules203, email protection rules 203 can be provided to the email protectionmodule 201 to provide instructions regarding storing backup email data.

At block 304, second instances of emails are received from the emailserver 202 based on the email protection rules 203. For instance, theemail server 202 can route a second instance of each email associatedwith an email address identified in an email protection rule 203 to theemail protection module 201. The email can be routed from the emailserver 202 to the email protection module 201 as if the email protectionmodule 201 were another email server (e.g., using email formatting andcommunication protocol). Accordingly, the email server 202 can providethe second instance of the email to the email protection module 201 inemail format. Moreover, the second instance of the email can beforwarded to and/or received by the email protection module 201 inline,e.g., at or around the time that the email server 202 sends the email tothe external intended recipients, as discussed.

The email protection module 201 can then convert the second instance ofthe email to backup format. At block 306, the second instance of anemail can be provided to one or more media agents 144 inline, e.g., ator around the time that the second instance of the email was received bythe email protection module 201, as discussed. The one or more mediaagents 144 can reside in secondary storage. The one or more media agentscan receive the second instances of the emails in backup format.

The second instances of emails can be stored to persistent memory ofsecondary storage as backup copies inline at block 308, such as to oneor more of the secondary storage devices 108. The backup copies ofemails can be context indexed at block 310. As such, the backup copiesof the emails can be available substantially in real time.

At block 312, access to the backup copies of the emails can becontrolled based on whether a user had access to the emails when theemails were sent. A user can have access to an email when one or moreemail addresses associated with the user send and/or received the email.Alternatively or additionally, a user can have access to an email if theuser had an appropriate permission level or credentials, e.g., at thetime the email was originally delivered and/or backed up, at the timethe user is trying to later access the email.

Email Protection Rules

The email protection rules 203 discussed herein can implement a widevariety of rules for backing up emails. Some example email rules 203will now be described. One or more features of the example email rules203 can be implemented in connection with any of the systems or methodsdiscussed herein. As discussed above, email protection rules 203 cancause the email server application 206 to route second instances ofemails based on a group of one or more email addresses identified in theemail protection rules 203. In response to detecting that a an emailaddresses from the group identified in the email protection rules 203 isa sender and/or recipient of to the email, the email server application206 can route a second instance of the email to the email protectionmodule 201. In certain instances, the email protection rules 203 canspecify conditions on routing emails for backup associated with one ormore email addresses in the group. The email protection rules 203 canalso specify information related to the storage of the backup copy ofthe email according to some embodiments.

FIG. 4 depicts an illustrative data structure containing example emailprotection rules 203. The email protection rules 203 illustrated in FIG.4 include information identifying email address(es) 402, routingconditions 404, and storage information 406. The information identifyingemail address(es) 402 can include email address(es) of individual users(for example, Joe.Lawyer@enterprise.com and Jane.Attorney@enterprise.comin the example shown in FIG. 4), email distribution group(s) (forexample, Paralegal_Group@enterprise.com in the example shown in FIG. 4),or email address(es) associated with a particular database or mailboxthat unassociated with a particular user (for example,Legal_Info@enterprise.com in the example shown in FIG. 4), the like, orany combination thereof.

Routing conditions 404 of the email protection rules 203 can specifyconditions for routing second instances of emails associated with one ormore email addresses associated with the information identifying emailaddress(es) 402. Routing conditions 404 can instruct the email serverapplication 206 to route all emails associated with a selected emailaddress(es) or to route only a subset of emails associated with theselected email address(es). As an example, routing conditions 404 canspecify whether to route a second instance of an email based on whetheremail addresses associated with the email are internal and/or externalto an enterprise. In the example shown in FIG. 4, the routing conditions404 can indicate to route all emails for some email address(es) to theemail protection module 201, to route only internal emails for someemail address(es) to the email protection module 201, and/or to routeonly external emails for some email address(es) to the email protectionmodule 201. Some other example routing conditions 404 can cause theemail server application 206 to conditionally route second instances ofemails based on, for example, a time an email is sent, a particularaccount or group of accounts the email is sent from and/or received by,a particular device the email is sent from, a geographic location theemail is sent from, whether an email includes a particular keyword orstring of keywords, the like, or any combination thereof.

Path information 406 of the email protection rules 203 can specifystorage policies related to backup copies of emails associated with oneor more email addresses associated with the information identifyingemail address(es) 402. Path information 406 can specify that the emailprotection module 201 is to store backup copies of emails associatedwith selected email address(es) to particular device(s) or types ofdevice(s) in secondary storage. In the example shown in FIG. 4, the pathinformation 406 can indicate to store backup copies of emails associatedwith some email address(es) to particular storage devices (for example,Storage Device 1) or to particular types of storage devices (forexample, Storage Device Type 2 and/or Storage Device Type 3). This canenable the backup copies of emails associated with one or more selectedemail addresses to be stored in persistent memory of secondary storagein a manner that meets or exceeds document retention policies for theone or more selected email addresses. In some instances, pathinformation 406 can instruct the email protection module 201 to causebackup copies of different emails associated with the same email addressto be stored to secondary storage devices having different dataretention policies. In some implementations, the path information 406can specify that the second instances of the emails are to be routed tosecondary storage via a specified media agent 144, or via one of a setof possible media agents 144.

Searching and Accessing Email Backups

Backup email data stored in the one or more secondary storage devices108 can be searched and/or accessed by users of the system 200. Thecontent indexing discussed above can make the email backup data readilysearchable. Accordingly, the email backup data in secondary storage caneasily and quickly searched through and accessed for legal, regulatory,compliance, or similar purposes. Alternatively or additionally, a usercan also access email backup data if the user desires to access an emailthat has been deleted from the user's email client 204, or is otherwiseno longer available in the primary storage subsystem.

As discussed above, the email backup data can be stored to secondarystorage inline. Accordingly, the email backup data can in someembodiments be searched in real time. By providing searchable emailbackup data in real time, such data can be accessed without waiting foremails to be archived or otherwise backed up. Archiving or other backupcan in some instances take a relatively long period of time depending onthe particular storage policy, such as on the order of a day, a week, amonth, etc.

A user interface, such as a graphical user interface, can enable a userto search backup copies of emails stored in the persistent memory of thesecondary storage subsystem. The user interface can be, for example,presented to a user on a display of a workstation 205 of the system 200.

The system 200 can control access to the backup copies of the emailstored to the persistent memory according to a variety of access rules.For example, the system 200 can control access to the backup copies ofthe email stored to the persistent memory based on whether a user hadaccess to the email when the email was originally sent by the emailserver application 206 and/or received by the email protection module201. Moreover, when the user searches for backup email data, the backupemail data can be filtered based on which emails were accessible to theuser when the emails were sent. Emails accessible to a user can includeemails sent and/or received by one or more email addresses associatedwith the user. Emails can also be considered accessible to a user if theuser had an appropriate permission level or credentials, e.g., at thetime the email was originally delivered and/or backed up, at the timethe user is trying to later access the email, or both. The system 200can prevent the user from accessing emails that were not accessible tothe user when the email was sent.

TERMINOLOGY

Conditional language, such as, among others, “can,” “could,” “might,” or“may,” unless specifically stated otherwise, or otherwise understoodwithin the context as used, is generally intended to convey that certainembodiments include, while other embodiments do not include, certainfeatures, elements and/or steps. Thus, such conditional language is notgenerally intended to imply that features, elements and/or steps are inany way required for one or more embodiments or that one or moreembodiments necessarily include logic for deciding, with or without userinput or prompting, whether these features, elements and/or steps areincluded or are to be performed in any particular embodiment.

Unless the context clearly requires otherwise, throughout thedescription and the claims, the words “comprise,” “comprising,” and thelike are to be construed in an inclusive sense, as opposed to anexclusive or exhaustive sense; that is to say, in the sense of“including, but not limited to.” As used herein, the terms “connected,”“coupled,” or any variant thereof means any connection or coupling,either direct or indirect, between two or more elements; the coupling orconnection between the elements can be physical, logical, or acombination thereof. Additionally, the words “herein,” “above,” “below,”and words of similar import, when used in this application, refer tothis application as a whole and not to any particular portions of thisapplication. Where the context permits, words in the above DetailedDescription using the singular or plural number may also include theplural or singular number respectively. The word “or” in reference to alist of two or more items, covers all of the following interpretationsof the word: any one of the items in the list, all of the items in thelist, and any combination of the items in the list. Likewise the term“and/or” in reference to a list of two or more items, covers all of thefollowing interpretations of the word: any one of the items in the list,all of the items in the list, and any combination of the items in thelist.

Depending on the embodiment, certain operations, acts, events, orfunctions of any of the algorithms described herein can be performed ina different sequence, can be added, merged, or left out altogether(e.g., not all are necessary for the practice of the algorithms).Moreover, in certain embodiments, operations, acts, functions, or eventscan be performed concurrently, e.g., through multi-threaded processing,interrupt processing, or multiple processors or processor cores or onother parallel architectures, rather than sequentially.

Systems and modules described herein may comprise software, firmware,hardware, or any combination(s) of software, firmware, or hardwaresuitable for the purposes described herein. Software and other modulesmay reside and execute on servers, workstations, personal computers,computerized tablets, PDAs, and other computing devices suitable for thepurposes described herein. Software and other modules may be accessiblevia local memory, via a network, via a browser, or via other meanssuitable for the purposes described herein. Data structures describedherein may comprise computer files, variables, programming arrays,programming structures, or any electronic information storage schemes ormethods, or any combinations thereof, suitable for the purposesdescribed herein. User interface elements described herein may compriseelements from graphical user interfaces, interactive voice response,command line interfaces, and other suitable interfaces.

Further, the processing of the various components of the illustratedsystems can be distributed across multiple machines, networks, and othercomputing resources. In addition, two or more components of a system canbe combined into fewer components. Various components of the illustratedsystems can be implemented in one or more virtual machines, rather thanin dedicated computer hardware systems and/or computing devices.Likewise, the data repositories shown can represent physical and/orlogical data storage, including, for example, storage area networks orother distributed storage systems. Moreover, in some embodiments theconnections between the components shown represent possible paths ofdata flow, rather than actual connections between hardware. While someexamples of possible connections are shown, any of the subset of thecomponents shown can communicate with any other subset of components invarious implementations.

Embodiments are also described above with reference to flow chartillustrations and/or block diagrams of methods, apparatus (systems) andcomputer program products. Each block of the flow chart illustrationsand/or block diagrams, and combinations of blocks in the flow chartillustrations and/or block diagrams, may be implemented by computerprogram instructions. Such instructions may be provided to a processorof a general purpose computer, special purpose computer,specially-equipped computer (e.g., comprising a high-performancedatabase server, a graphics subsystem, etc.) or other programmable dataprocessing apparatus to produce a machine, such that the instructions,which execute via the processor(s) of the computer or other programmabledata processing apparatus, create means for implementing the actsspecified in the flow chart and/or block diagram block or blocks.

These computer program instructions may also be stored in anon-transitory computer-readable memory that can direct a computer orother programmable data processing apparatus to operate in a particularmanner, such that the instructions stored in the computer-readablememory produce an article of manufacture including instruction meanswhich implement the acts specified in the flow chart and/or blockdiagram block or blocks. The computer program instructions may also beloaded onto a computing device or other programmable data processingapparatus to cause a series of operations to be performed on thecomputing device or other programmable apparatus to produce a computerimplemented process such that the instructions which execute on thecomputer or other programmable apparatus provide steps for implementingthe acts specified in the flow chart and/or block diagram block orblocks.

Any patents and applications and other references noted above, includingany that may be listed in accompanying filing papers, are incorporatedherein by reference. Aspects of the invention can be modified, ifnecessary, to employ the systems, functions, and concepts of the variousreferences described above to provide yet further implementations of theinvention.

These and other changes can be made to the invention in light of theabove Detailed Description. While the above description describescertain examples of the invention, and describes the best modecontemplated, no matter how detailed the above appears in text, theinvention can be practiced in many ways. Details of the system may varyconsiderably in its specific implementation, while still beingencompassed by the invention disclosed herein. As noted above,particular terminology used when describing certain features or aspectsof the invention should not be taken to imply that the terminology isbeing redefined herein to be restricted to any specific characteristics,features, or aspects of the invention with which that terminology isassociated. In general, the terms used in the following claims shouldnot be construed to limit the invention to the specific examplesdisclosed in the specification, unless the above Detailed Descriptionsection explicitly defines such terms. Accordingly, the actual scope ofthe invention encompasses not only the disclosed examples, but also allequivalent ways of practicing or implementing the invention under theclaims.

To reduce the number of claims, certain aspects of the invention arepresented below in certain claim forms, but the applicant contemplatesthe various aspects of the invention in any number of claim forms. Forexample, while only one aspect of the invention is recited as ameans-plus-function claim under 35 U.S.C. sec. 112(f) (AIA), otheraspects may likewise be embodied as a means-plus-function claim, or inother forms, such as being embodied in a computer-readable medium. Anyclaims intended to be treated under 35 U.S.C. §112(f) will begin withthe words “means for”, but use of the term “for” in any other context isnot intended to invoke treatment under 35 U.S.C. §112(f). Accordingly,the applicant reserves the right to pursue additional claims afterfiling this application, in either this application or in a continuingapplication.

What is claimed is:
 1. A method of protecting email data using emailprotection rules that are distributed amongst multiple computingdevices, the method comprising: by a first computing device, accessingone or more email protection rules, the email protection rulescomprising: (i) a first portion including information usable to identifyemails to forward to a second computing device, and (ii) a secondportion including information usable to determine which secondarystorage controller computer of a plurality of secondary storagecontroller computers to use in secondary copy operations associated withemails forwarded to the second computing device; based at least partlyon the first portion of the one or more email protection rules,instructing an email server application to route emails processed by theemail server application to the second computing device in addition torouting the emails to intended recipients of the emails, wherein thesecond computing device is separate from a computing device on which theemail server application resides, and wherein the one or more emailprotection rules identify a group of one or more email addresses andspecify that the email server application is only to route emails to thesecond computing device for which at least one of the intendedrecipients corresponds to one of the one or more email addresses in thegroup; by the second computing device: receiving an email from the emailserver application, at least one intended recipient of the emailcorresponding to one of the one or more email addresses of the group;accessing the second portion of the one or more email protection rules:reviewing the second portion of the one or more email protection rules;and based on the review of the second portion of the one or more emailprotection rules, determining a target secondary storage controllercomputer of the plurality of secondary storage controller computers towhich to route the email; routing the email from the second computingdevice to the target secondary storage controller computer; and storingthe email in secondary storage to create a secondary copy of the email.2. The method of claim 1, further comprising controlling access to thesecondary copy of the email based at least partly on whether a user hadpermission to access the email when the email was received by the secondcomputing device.
 3. The method of claim 1, wherein said storing isperformed inline with said receiving.
 4. The method of claim 1, whereinthe email received by the second computing device was sent by the emailserver application to an email address associated with the secondcomputing device.
 5. The method of claim 1, wherein said receivingcomprises receiving the email in email format, and wherein the methodfurther comprises converting the email to a secondary storage formatprior to said storing.
 6. The method of claim 1, further comprisingenabling a user to search secondary copies of emails stored bypersistent memory of the secondary storage through a graphical userinterface, the secondary copies of emails comprising the secondary copyof the email.
 7. The method of claim 1, wherein said storing isindependent of operations of the email server application subsequent tothe email being routed to the email protection module.
 8. The method ofclaim 1, wherein said storing is transparent to the email serverapplication.
 9. The method of claim 1, further comprising storing theone or more email protection rules in a management database associatedwith a storage manager computer, wherein said instructing comprisesproviding the one or more email protection rules from the managementdatabase to the email server application.
 10. The method of claim 1,wherein the one or more email protection rules comprise one or morerouting conditions for routing the email to the second computing device.11. The method of claim 1, wherein the one or more email protectionrules comprise information identifying at least one of a storage devicefor storing the secondary copy of the email or a storage policyassociated with the secondary copy of the email.
 12. The method of claim1, wherein the second computing device is separate from the computingdevice on which the email server application resides.
 13. The method ofclaim 1, wherein the computing device on which the email serverapplication resides is the first computing device.
 14. A system forprotecting email data using email protection rules, the systemcomprising: an email protection processor configured to execute incomputer hardware in a primary storage subsystem; a plurality ofsecondary storage controller computers comprising computer hardware, incommunication with the email protection processor, and residing in asecondary storage subsystem; one or more email protection rulescomprising: a first portion including information usable to identifyemails to forward to the email protection processor, and a secondportion including information usable to identify which of the pluralityof secondary storage controller computers to use in secondary copyoperations associated with emails forwarded to the email protectionprocessor; and a storage manager computer, the storage manager computercomprising computer hardware configured to, based at least partly on thefirst portion of the one or more email protection rules, instruct anemail server application executing in the primary storage subsystem tosend emails processed by the email server application to the emailprotection processor in addition to sending the emails to intendedrecipients of the emails, wherein the email protection processor isseparate from the email server application, and wherein the one or moreemail protection rules identify a group of one or more email addressesand specify that the email server application is only to send emails tothe email protection processor for which at least one of the intendedrecipients corresponds to one of the one or more email addresses in thegroup; the email protection processor being configured to: receive anemail from the email server application, wherein at least one intendedrecipient of the email corresponds to one of the one or more emailaddresses of the group; access the second portion of the one or moreemail protection rules; review the second portion of the one or moreemail protection rules; based on the review of the second portion of theone or more email protection rules, identify a target secondary storagecontroller computer of the plurality of secondary storage controllercomputers to which to forward the email; and transmit the email to asecondary storage subsystem; and wherein the target secondary storagecontroller computer is configured to: receive the email from the emailprotection processor; and store the email in one or more storage devicesresiding in the secondary storage subsystem to create a secondary copyof the email.
 15. The system of claim 14, wherein the email received bythe email protection processor is sent to an email address associatedwith the email protection processor using an email protocol, and theemail protection processor transmits the email to the secondary storagesubsystem without using email protocol.
 16. The system of claim 14,wherein user access to the secondary copy of the email is based at leastpartly on whether a user had permission to access the email when theemail was received by the email processor.
 17. The system of claim 14,wherein the secondary copy of the email is stored inline withtransmission of the email to the at least one intended recipient of theemail.
 18. The system of claim 14, wherein the email is stored to theone or more storage devices independent of actions of the email serverapplication subsequent to the email being routed to the email protectionprocessor.
 19. The system of claim 14, wherein the email is stored tothe one or more storage devices transparent to the email serverapplication.
 20. The system of claim 14, wherein the one or more emailprotection rules comprise one or more routing conditions for routing theemail to the email protection processor.
 21. The system of claim 14,wherein the one or more email protection rules comprise informationidentifying at least one of the one or more storage devices for storingthe secondary copy of the email or a storage policy associated with thesecondary copy of the email.
 22. The system of claim 14, wherein theemail server application resides on a first computing device in theprimary storage subsystem and the email protection processor resides ona second computing device within the primary storage subsystem.